Date: Thu, 30 Jan 2003 00:58:36 +0100
From: "Simon L. Nielsen" <simon@nitro.dk>
To: Trent Nelson <trent@limekiln.vcisp.net>
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw keep-state problem
Message-ID: <20030129235835.GF327@nitro.dk>
In-Reply-To: <20030129213450.GA6421@limekiln.vcisp.net>
References: <20030129213450.GA6421@limekiln.vcisp.net>

On 2003.01.29 21:34:50 +0000, Trent Nelson wrote:

> If I had to take a wild guess, I'd say that the keep-state setup
> rules added dynamically are expiring too quickly, and thus, subsequent
> traffic is hitting the ``deny tcp from any to any established''
> rule.

Yes, this happens with ipfw1. You can use ipfw2 (which sends keep-alive
for tcp connections) or increase the lifetime of dynamic rules.

I'm using ipfw2 and it works fine - I had the same problem with ipfw1.

-- 
Simon L. Nielsen