From owner-freebsd-questions Wed Feb 21 15:37:28 2001 Delivered-To: freebsd-questions@freebsd.org Received: from nova.fqdn.com (fqdn.com [204.138.49.210]) by hub.freebsd.org (Postfix) with ESMTP id 0CEB137B401 for ; Wed, 21 Feb 2001 15:37:25 -0800 (PST) (envelope-from greg@fqdn.com) Received: from tyan (greg [204.138.49.213]) by nova.fqdn.com (SGI-8.9.3/8.9.3) with SMTP id SAA43354; Wed, 21 Feb 2001 18:25:08 -0500 (EST) From: "greg" To: "Tony Landells" Cc: Subject: RE: NAT and keep-state issue. Date: Wed, 21 Feb 2001 18:35:54 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Just another thought on that Tony, I think I read somewhere that if there is not a 'check-state' rule, the dynamic rules would be checked at the first instance of "keep-state". Is this your understanding too? take care, greg -----Original Message----- From: greg [mailto:greg@fqdn.com] Sent: Wednesday, February 21, 2001 6:20 PM To: Tony Landells; greg@nova.fqdn.com Cc: freebsd-questions@FreeBSD.ORG Subject: RE: NAT and keep-state issue. Sory about the lack of lf/cr. Ok what your seeing there is the rule set *after* I had removed the check state rule in an effort to problem solve. 3 minutes befor I sent that letter this rule existed: 1055 check-state (befor the divert rule) As a note I also tried moving it to the next rule after the divert(1065). xl0 is the internal NIC fxp0 and fxp1 face the internet. Thanks for taking the time to look at this Tony. Greg >Please keep your lines a bit shorter--a couple of them were, um, quite long... > >I may be going blind, but I can't see where you're doing a "check-state"... >Without that you'll never check the dynamic rules. >Cheers, >Tony To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message