Date:      Thu, 22 May 2003 07:18:54 -0500 (CDT)
From:      Tommy Forrest <tforrest@shellworld.net>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw rules for low-end server??
Message-ID:  <Pine.BSF.4.55.0305220716460.57830@server1.shellworld.net>
In-Reply-To: <3ECC2480.8040805@mac.com>
References:  <EGEDIDPPMCIONDEPOLNFOEDMCLAA.andras@kende.com> <3ECC2480.8040805@mac.com>

On Wed, 21 May 2003, Chuck Swiger wrote:

---snip---
>
> > Should I use ipfw "dynamic" or "stateful" rules?
>
> Given that you are doing NAT, you might try using dynamic rules
> (keep-state/check-state), but how you configure your firewall rules
> should be based more on what's simple, easy to understand, and does the job.
>
And if you can actually get dynamic rules to work w/o timing out on you in
25 seconds on FBSD 4.8, please, let me know.  I've about pulled out the
last hair on my head with the install of 4.8 I have.  Telnet out, let it
sit for 25 seconds and bickitie bam, no more connection - even though
checking the rules shows the telnet rule has 275 seconds left before a
keep-alive test.  Problem exists with ipfw2 as well.


