Date: Sat, 11 Aug 2001 16:38:22 +0200 (CEST)
From: Krzysztof Zaraska
To: John Van Boxtel
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: distributed natd

> Keeping with the above ping pong idea, maybe instead of icmp packets you can
> stick with TCP and have the data in the packet have some sort of "upstream
> ok" / "upstream down" bit in it...

By "ping" I did not mean sending ICMP to the peer gateway, but sending a special command over this TCP/UDP link between gateways, forcing the other end to issue a reply.

However, it came up to me later that if we have traffic, then we have state tables updated constantly, thus an alive gateway should send the others notifications all the time. So we should try to "ping" it only in case it goes silent (= no update request within a given interval) to see if it died or the workstation users went home ;)

The "upstream up/down" flag is a good idea.
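
The liveness scheme discussed in this message, sketched as an added example that is not part of the original post or of natd: a peer is probed only after it goes silent, and every message carries the upstream flag. The class name, the interval values and the sample timelines are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class PeerState(Enum):
    ALIVE = "alive"      # state updates arriving, or the last ping was answered
    PROBING = "probing"  # peer went silent; ping sent, reply pending
    DEAD = "dead"        # ping not answered within the timeout

@dataclass
class PeerMonitor:
    silence_interval: float = 5.0  # assumed: seconds without updates before probing
    ping_timeout: float = 2.0      # assumed: seconds to wait for the ping reply
    state: PeerState = PeerState.ALIVE
    upstream_ok: bool = True
    last_heard: float = 0.0
    ping_sent_at: float = 0.0

    def on_message(self, now, upstream_ok):
        """Any message (state update or ping reply) proves the peer is alive."""
        self.last_heard = now
        self.upstream_ok = upstream_ok
        self.state = PeerState.ALIVE

    def tick(self, now):
        """Return 'send_ping', 'peer_dead' or None for this timer tick."""
        if self.state is PeerState.ALIVE and now - self.last_heard >= self.silence_interval:
            self.state, self.ping_sent_at = PeerState.PROBING, now
            return "send_ping"
        if self.state is PeerState.PROBING and now - self.ping_sent_at >= self.ping_timeout:
            self.state = PeerState.DEAD
            return "peer_dead"
        return None

    def usable(self):
        """A peer is a valid failover target only if alive with upstream up."""
        return self.state is not PeerState.DEAD and self.upstream_ok

def replay(events, end, step=1.0):
    """Replay a constructed timeline {time: upstream_ok}; return (monitor, actions)."""
    mon, log, t = PeerMonitor(), [], 0.0
    while t <= end:
        if t in events:
            mon.on_message(t, events[t])
        action = mon.tick(t)
        if action:
            log.append((t, action))
        t += step
    return mon, log

# Constructed timelines: an idle peer answers the ping at t=7; a dead peer never does.
idle_peer, idle_log = replay({0: True, 1: True, 7: True}, end=10)
dead_peer, dead_log = replay({0: True, 1: True}, end=10)
```
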