OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: jmp20 on February 14, 2019, 05:18:13 pm

Title: Critical 19.1 production - cksum error when using ftpproxy
Post by: jmp20 on February 14, 2019, 05:18:13 pm
Hello Team,

I am facing a continuous problem with ftpproxy. Any time I use ftpproxy I get a checksum error on the sent packets, thus outgoing FTP connections fail. The setup is for outgoing FTP from local users to the internet via port 21, then forwarding to ftpproxy via port 8021. I disabled cksum for the 'em1' device from the command line but it does not help (# ifconfig em1 -txcsum). This error happens no matter what FTP client I utilize. I have searched this forum and FreeBSD about this error to no avail. Any help you can provide with this is greatly appreciated.

OPNsense Version:
OPNsense 19.1-amd64
FreeBSD 11.2-RELEASE-p8-HBSD
OpenSSL 1.0.2q 20 Nov 2018
System Hardware:
  VMware ESX 6.5

Firewall Log:
Code:
00:00:06.789708 rule 51/0(match): pass out on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.11.12.13.11691 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 2844765433, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 62437946 ecr 0], length 0
 00:00:00.000022 rule 50/0(match): pass in on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->2ded)!)
    10.11.12.13.11691 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 2844765433, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 62437946 ecr 0], length 0
 00:00:01.105789 rule 54/0(match): pass in on em1: (tos 0x0, ttl 119, id 26976, offset 0, flags [DF], proto TCP (6), length 52)
 00:00:00.138671 rule 51/0(match): pass out on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.11.12.13.19435 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0x19a3), seq 2737343667, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 2387100 ecr 0], length 0
 00:00:00.000020 rule 50/0(match): pass in on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->2ded)!)
    10.11.12.13.19435 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0x19a3), seq 2737343667, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 2387100 ecr 0], length 0

Thank you!
jmp