Date:      Tue, 30 Jul 2002 09:24:55 +0400
From:      boris karlov <borman@blank.spb.ru>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: 4.6-RELEASE / NATD + IPFW + keep-state
Message-ID:  <20020730052455.GA2719@xy.blank.spb.ru>
In-Reply-To: <20020730001956.A15831@rfc-networks.ie>
References:  <20020729144758.A11849@rfc-networks.ie> <20020729223214.GB1488@xy.blank.spb.ru> <20020730001956.A15831@rfc-networks.ie>

On Tue, 30 Jul 2002 00:19:56 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote:
> boris karlov <borman@blank.spb.ru> 48 lines of wisdom included:
> > On Mon, 29 Jul 2002 14:47:58 +0000, Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote:
> > > 
> > >     divert 8668 ip from any to any
> > 
> > -- maybe, divert 8668 ip from any to any via xl0?
> 
> This is actually what I have (unfortunately messing around with my
> rules etc. caused me to paste not quite the exact ruleset I started
> out with).

-- in this case all my previous words are useless ;-)

> 
> The still works as I documented in my previous mail, with ``ipfw -d
> list'' bringing up two connections.
> 
> 
> What I'm curious about is the connection which is showing up in
> ``ipfw -d list'', which is timing out according to
> "net.inet.ip.fw.dyn_syn_lifetime:".

-- since it's not clear to me at all, I propose auditing the connections with
tcpdump (both ifaces), turning on ipfw logging (almost all rules) and verbose natd.
Too many logs to check, but maybe you can find an answer.

--
regards,
boris karlov.
