From owner-freebsd-ipfw  Mon Jul 29 22:25: 2 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B802A37B400
	for <freebsd-ipfw@FreeBSD.ORG>; Mon, 29 Jul 2002 22:24:58 -0700 (PDT)
Received: from xy.blank.spb.ru (xy.blank.spb.ru [194.67.6.187])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9D1F943E67
	for <freebsd-ipfw@FreeBSD.ORG>; Mon, 29 Jul 2002 22:24:57 -0700 (PDT)
	(envelope-from borman@blank.spb.ru)
Received: from xy.blank.spb.ru (localhost.blank.spb.ru [127.0.0.1])
	by xy.blank.spb.ru (8.12.3/8.12.3/blank) with ESMTP id g6U5OuKj002782
	for <freebsd-ipfw@FreeBSD.ORG>; Tue, 30 Jul 2002 09:24:56 +0400 (MSD)
	(envelope-from borman@xy.blank.spb.ru)
Received: (from borman@localhost)
	by xy.blank.spb.ru (8.12.3/8.12.3/Submit) id g6U5OtkN002781
	for freebsd-ipfw@FreeBSD.ORG; Tue, 30 Jul 2002 09:24:55 +0400 (MSD)
Date: Tue, 30 Jul 2002 09:24:55 +0400
From: boris karlov <borman@blank.spb.ru>
To: freebsd-ipfw@FreeBSD.ORG
Subject: Re: 4.6-RELEASE / NATD + IPFW + keep-state
Message-ID: <20020730052455.GA2719@xy.blank.spb.ru>
Mail-Followup-To: freebsd-ipfw@FreeBSD.ORG
References: <20020729144758.A11849@rfc-networks.ie> <20020729223214.GB1488@xy.blank.spb.ru> <20020730001956.A15831@rfc-networks.ie>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20020730001956.A15831@rfc-networks.ie>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

On Tue, 30 Jul 2002 00:19:56 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote:
> boris karlov <borman@blank.spb.ru> 48 lines of wisdom included:
> > On Mon, 29 Jul 2002 14:47:58 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote:
> > > 
> > >     divert 8668 ip from any to any
> > 
> > -- mb, divert 8668 ip from any to any via xl0?
> 
> This is actually what I have (unfortunately messing around with my
> rules etc. caused me to paste not quite the exact ruleset I started
> out with).

-- in this case all my previous words are useless ;-)

> 
> The still works as I documented in my previous mail, with ``ipfw -d
> list'' bring up two connections.
> 
> 
> What I'm curious about is the connection which is showing up in
> ``ipfw -d list'', which is timing out according to
> "net.inet.ip.fw.dyn_syn_lifetime:".

-- since it's unclear at all for me I suppose to audit connections with
tcpdump (both ifaces), turn on ipfw logging (almost all rules) and verbose natd.
too much logs to check but may be you can find an answer.

--
regards,
boris karlov.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message