In the logs I noticed the following entries (a few thousand):
DROP_CTINVALID red0 TCP 10.8.8.205 x.x.x.208 443(HTTPS) 54518
DROP_NEWNOTSYN red0 TCP 10.8.8.205 x.x.x.208 7778 49824
The disconnection takes about 5 minutes, during which the respective logs appear, after which everything works correctly. From outside of the LAN (Green) everything runs normally (e.g. if I connect from my phone to the respective server, it works).
The Border Router does src NAT and dst NAT for that server (10.8.8.205 to x.x.x.205).
The problem has been manifesting for several days and I don’t know where to start. I downgraded both routers, but it still appears. It usually appears 4, 5 times a day, for 5 minutes each.
I ask you for advice: what do you think is wrong? Who is guilty: the Border Router or IPFire?
Thank you for your reply.
I did a search before creating this topic, and I found the results you re-posted, but they didn’t help me a lot, maybe only to not see more logs, but the disconnect problems still exist.
I exclude the border router because the outside can access the server without interruptions.
Next step I will try to replace the IPFire machine with another one, with an older version, maybe Core-Update 170.
I can’t explain packets coming from a private IP (10.8.8.205) to the WAN (Red) of the IPFire (x.x.x.208 - public IP). I believed that only public IPs exist on the public side.