Date: Fri, 31 Aug 2007 09:38:57 -0400 From: "Grant Peel" <gpeel@thenetnow.com> To: "Mel" <fbsd.questions@rachie.is-a-geek.net>, <freebsd-questions@freebsd.org> Subject: Re: IPFW - Keep State Message-ID: <002301c7ebd4$47de17c0$6501a8c0@GRANT> References: <001a01c7ebcb$53e455b0$6501a8c0@GRANT> <200708311521.28643.fbsd.questions@rachie.is-a-geek.net>
index | next in thread | previous in thread | raw e-mail
I don't use NAT, so is there any other compelling reasons? Speed etc? -Grant ----- Original Message ----- From: Mel To: freebsd-questions@freebsd.org Sent: Friday, August 31, 2007 9:21 AM Subject: Re: IPFW - Keep State On Friday 31 August 2007 14:34:51 Grant Peel wrote: > In a nutsheel, is it really necessary, or is thier a really compelling > reason to use keep-state for a normal web - email server? > > I sometimes see "Too many dynamic rules" and can see a correlation between > customer complaints and these log entries. > > My server all have about 200 rules, most of them counters for bandwidth > accounting. It is necessary for NAT, since it doesn't know what to do with replies from webservers otherwise (internet:80 => $ext_addr:high_port = what?) -- Mel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" ------------------------------------------------------------------------------ Total Control Panel Login To: gpeel@thenetnow.com Block messages from this sender (blacklist) From: owner-freebsd-questions@freebsd.org Remove this sender from my whitelist You received this message because the sender is on your whitelist.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002301c7ebd4$47de17c0$6501a8c0>