EFW Support

Support => General Support => Topic started by: Sainsuper2019 on Saturday 04 May 2019, 12:42:29 am



Title: BADTCP to routed network
Post by: Sainsuper2019 on Saturday 04 May 2019, 12:42:29 am
Hello, I have a routing problem with Endian 3.3.

My configuration is:

green 192.168.0.1, red 82.x.x.x
In the same LAN there is a gateway (192.168.0.5) that does a VPN to the external network 192.168.1.0.

In Endian I have created a route to redirect traffic to 192.168.1.0 via 192.168.0.5.

The route works if I ping or tracert from a Windows machine, but if I try to use Remote Desktop, SSH or LAN access it doesn't work.

In the firewall log I see:

BADTCP:DROP TCP (br0) 192.168.0.53:54159 -> 192.168.1.20:22 (br0) - MAC=00:0c:29:0d:c0:bf:00:0c:29:ae:1d:72:08:00 LEN=40 TOS=00 PREC=0x00 TTL=127 ID=21819 DF SEQ=2300448212 ACK=173446266 WINDOW=260 ACK URGP=0 MARK=0

From the Endian shell, instead, SSH to this network works.

I have searched a lot in this forum and the only way to resolve this problem is to disable BADTCP, like in this post:

http://efwsupport.com/index.php?topic=5548.0

But I don't want to disable BADTCP.

Is there no way to exclude the remote network from BADTCP without disabling it?








Title: Re: BADTCP to routed network
Post by: Dark-Vex on Monday 06 May 2019, 05:32:13 pm
BADTCP usually means that the connection doesn't come back along the same path.
So in your case it could be that the request made by 192.168.0.53 to 192.168.1.20 passes through 192.168.0.5 but comes back to your PC directly instead of passing back through 192.168.0.5.
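As an added example (not from the thread and not Endian's own code), a small Python parser for firewall log lines in the format quoted in the first post. It groups BADTCP drops per flow and flags flows where every dropped packet is mid-stream (ACK set, no SYN) and enters and leaves on the same interface, which is the pattern described above: the handshake went out through the firewall, the reply bypassed it, and the firewall then only sees packets of a connection it never saw established. The heuristic is mine; the first sample line is the one quoted in the thread, the rest are constructed.

```python
import re

# Layout of an EFW firewall log line as quoted in the thread; the regex is mine.
LINE_RE = re.compile(
    r"^(?P<rule>\w+):(?P<action>\w+) (?P<proto>\w+) \((?P<iif>[^)]*)\) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"\((?P<oif>[^)]*)\) - (?P<rest>.*)$"
)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the fixed fields, the KEY=value fields and the bare TCP flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    tokens = rec.pop("rest").split()
    rec["fields"] = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec["flags"] = {t for t in tokens if t in TCP_FLAGS}
    return rec

def asymmetric_route_suspects(lines):
    """Group BADTCP drops per (src, dst, dport); a flow is a suspect when no dropped
    packet carried SYN and all of them entered and left on the same interface."""
    flows = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["rule"] != "BADTCP" or rec["proto"] != "TCP":
            continue
        key = (rec["src"], rec["dst"], rec["dport"])
        f = flows.setdefault(key, {"count": 0, "syn_seen": False, "same_iface": True})
        f["count"] += 1
        f["syn_seen"] |= "SYN" in rec["flags"]
        f["same_iface"] &= rec["iif"] == rec["oif"]
    return {k: v for k, v in flows.items() if not v["syn_seen"] and v["same_iface"]}

SAMPLE_LOG = [
    # The line quoted in the first post, joined back onto one line.
    "BADTCP:DROP TCP (br0) 192.168.0.53:54159 -> 192.168.1.20:22 (br0) - "
    "MAC=00:0c:29:0d:c0:bf:00:0c:29:ae:1d:72:08:00 LEN=40 TOS=00 PREC=0x00 TTL=127 "
    "ID=21819 DF SEQ=2300448212 ACK=173446266 WINDOW=260 ACK URGP=0 MARK=0",
    # Constructed: a later packet of the same SSH flow.
    "BADTCP:DROP TCP (br0) 192.168.0.53:54159 -> 192.168.1.20:22 (br0) - "
    "LEN=52 TOS=00 PREC=0x00 TTL=127 ID=21820 DF WINDOW=260 ACK PSH URGP=0 MARK=0",
    # Constructed control: a green-to-red drop, not the same-LAN pattern.
    "BADTCP:DROP TCP (br0) 192.168.0.53:50000 -> 10.9.9.9:443 (eth1) - "
    "LEN=40 TOS=00 PREC=0x00 TTL=127 ID=1 DF WINDOW=260 ACK URGP=0 MARK=0",
    # Constructed: a different rule, must be ignored.
    "INPUT:DROP TCP (br0) 192.168.0.77:1234 -> 192.168.0.1:23 (br0) - LEN=40 SYN URGP=0",
]
```

Run it over the real firewall log instead of SAMPLE_LOG; a flow listed in the result is a candidate for the asymmetric return path described above, without switching BADTCP off.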


Title: Re: BADTCP to routed network
Post by: Sainsuper2019 on Tuesday 07 May 2019, 05:40:09 pm
Thanks for the reply, how can I test if this is the case?


Title: Re: BADTCP to routed network
Post by: Dark-Vex on Monday 13 May 2019, 05:07:37 pm
To see if this is the case you can temporarily disable the BADTCP feature.
In order to do this, you should connect via SSH and run the following commands:

Code:
root@efw:~ # echo ENABLE_BADTCP=off > /var/efw/firewall/settings
root@efw:~ # chown nobody:nogroup /var/efw/firewall/settings
root@efw:~ # jobcontrol restart firewall --force