From owner-freebsd-pf@FreeBSD.ORG Sun Aug 31 18:06:21 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72E78106564A for ; Sun, 31 Aug 2008 18:06:21 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA02.westchester.pa.mail.comcast.net (qmta02.westchester.pa.mail.comcast.net [76.96.62.24]) by mx1.freebsd.org (Postfix) with ESMTP id 1AEF98FC1A for ; Sun, 31 Aug 2008 18:06:20 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA02.westchester.pa.mail.comcast.net ([76.96.62.19]) by QMTA02.westchester.pa.mail.comcast.net with comcast id 91bH1a0090QuhwU5266Lrj; Sun, 31 Aug 2008 18:06:20 +0000 Received: from koitsu.dyndns.org ([67.180.253.227]) by OMTA02.westchester.pa.mail.comcast.net with comcast id 966H1a00L4v8bD73N66JqL; Sun, 31 Aug 2008 18:06:18 +0000 X-Authority-Analysis: v=1.0 c=1 a=QycZ5dHgAAAA:8 a=HSDlHQcgYpBBZRYkYG8A:9 a=weBh9fGcv_RxS_YzsGBrbnaAL6kA:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id E048717B81A; Sun, 31 Aug 2008 11:06:18 -0700 (PDT) Date: Sun, 31 Aug 2008 11:06:18 -0700 From: Jeremy Chadwick To: ben wilber Message-ID: <20080831180618.GA34269@icarus.home.lan> References: <20080829105422.GI1644@exodus.desync.com> <20080829110358.GA72503@icarus.home.lan> <20080829125549.GR64444@egr.msu.edu> <20080831172943.GA26180@exodus.desync.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080831172943.GA26180@exodus.desync.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-pf@freebsd.org Subject: Re: pf and mxge X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Aug 2008 18:06:21 -0000 On Sun, Aug 31, 2008 at 01:29:43PM -0400, ben wilber wrote: > On Fri, Aug 29, 2008 at 08:55:49AM -0400, Adam McDougall wrote: > > I've seen this problem on RELENG_6, although the SSH connections > > would not "time out" -- after a page or so of 'dmesg' output, they > > would immediately get disconnected/severed. I believe the problem was > > caused by my use of "modulate state" instead of "keep state" (since on > > RELENG_6 "keep state" is not implicit). > > Bingo. The problem was "modulate state". Sorry if the answer is > obvious, but any idea why a new NIC might have aggravated this? A new NIC wouldn't have had anything to do with the problem; it's probably always been there, or you just didn't notice it before. :-) -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |