I'm seeing a weird network behaviour with my TCP 3-way handshake in my home lab.
Setup is from my Windows 10 host on one network, through pfSense, and into an Ubuntu VM on a different one. Firewalls are all off, or set to ANY-ANY - for sanity-checking, logs show no firewall block rules are being triggered.
- If I try to connect to a listening TCP service on a host in a different subnet, I send a SYN, receive a SYN-ACK, but the ACK never goes back out. This is from direct monitoring on my Win10 host using Wireshark.
- If I create the packets using raw sockets in scapy (using this script), I have no issues with network connectivity - I can do a full 3-way handshake, and indeed, download web pages using that script.
- This issue only seems to happen across subnets, where it routes through my pfSense. However, given that I can manually craft the packets in scapy, my hunch is that this is not an issue at the pfSense level, since it seems to be my host that is not sending the ACK.
- If the target machine is on the same subnet, I see no odd behaviour.
- Windows firewall is completely off.
Does this problem sound familiar to anyone more versed in networking? Are there any other things I should be trying?