Date: Tue, 30 Jul 2002 09:24:55 +0400 From: boris karlov <borman@blank.spb.ru> To: freebsd-ipfw@FreeBSD.ORG Subject: Re: 4.6-RELEASE / NATD + IPFW + keep-state Message-ID: <20020730052455.GA2719@xy.blank.spb.ru> In-Reply-To: <20020730001956.A15831@rfc-networks.ie> References: <20020729144758.A11849@rfc-networks.ie> <20020729223214.GB1488@xy.blank.spb.ru> <20020730001956.A15831@rfc-networks.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 30 Jul 2002 00:19:56 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote: > boris karlov <borman@blank.spb.ru> 48 lines of wisdom included: > > On Mon, 29 Jul 2002 14:47:58 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote: > > > > > > divert 8668 ip from any to any > > > > -- mb, divert 8668 ip from any to any via xl0? > > This is actually what I have (unfortunately messing around with my > rules etc. caused me to paste not quite the exact ruleset I started > out with). -- in this case all my previous words are useless ;-) > > The still works as I documented in my previous mail, with ``ipfw -d > list'' bring up two connections. > > > What I'm curious about is the connection which is showing up in > ``ipfw -d list'', which is timing out according to > "net.inet.ip.fw.dyn_syn_lifetime:". -- since it's unclear at all for me I suppose to audit connections with tcpdump (both ifaces), turn on ipfw logging (almost all rules) and verbose natd. too much logs to check but may be you can find an answer. -- regards, boris karlov. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020730052455.GA2719>