Neil wrote:
Hi everyone,
Just chat with someone in #pf and found out that pf at the moment cannot
maintain state on TCP connections from internal machine to external
machine when network cable on master firewall's external interface is
removed.
Anyways, most connections are coming from
On Sep 26, 2005, at 1:31 AM, Neil wrote:
Hi Jason,
I would like to try your #1 suggestion but unfortunately, I don't
know where to start. What are the programs I need? What
configuration? Is there any existing sample configuration on a link
that I can follow?
Thanks for explaining this
On Sep 25, 2005, at 8:30 AM, Neil wrote:
Yep, the same behavior when the master dies. The solution that the
person in #pf told me is use routing but I don't know how to
implement. He told me that it's an issue in pf's NAT.
Bullshit.
Ok, here is the layman's description of the problem and
Hi Jason,
I would like to try your #1 suggestion but unfortunately, I don't know where
to start. What are the programs I need? What configuration? Is there any
existing sample configuration on a link that I can follow?
Thanks for explaining this in very detail.
Neil
Jason Dixon writes:
On Sep 25, 2005, at 9:39 PM, Jason Dixon wrote:
On Sep 25, 2005, at 8:30 AM, Neil wrote:
Yep, the same behavior when the master dies. The solution that the
person in #pf told me is use routing but I don't know how to
implement. He told me that it's an issue in pf's NAT.
Bullshit.
Ok,
On Sep 26, 2005, at 11:07 AM, Chad M Stewart wrote:
On Sep 25, 2005, at 9:39 PM, Jason Dixon wrote:
On Sep 25, 2005, at 8:30 AM, Neil wrote:
Yep, the same behavior when the master dies. The solution that
the person in #pf told me is use routing but I don't know how to
implement. He told
Hi everyone,
Just chat with someone in #pf and found out that pf at the moment cannot
maintain state on TCP connections from internal machine to external machine
when network cable on master firewall's external interface is removed.
Anyways, most connections are coming from outside to inside
On 00:21, Sun 25 Sep 05, Neil wrote:
Hi everyone,
Just chat with someone in #pf and found out that pf at the moment cannot
maintain state on TCP connections from internal machine to external machine
when network cable on master firewall's external interface is removed.
Anyways, most
Hi Joel,
I just created a new email post. :)
Thanks,
neil
j knight writes:
Neil wrote:
Yup that did the fix for the inbound. Now, I tried connecting to an ssh
server from the internal machine to the external machine running openssh
and i disconnected the cable, however, the ssh
Neil wrote:
Ok guys. I will do it tonight once I reach home. I will also send my
pf.conf file.
Also, does it matter since I have different interfaces on FW1 and FW2?
FW1, xl0, fxp0 and fxp1
FW2: rl0, fxp0 and ne3
You're using 'set state-policy if-bound' so yes, that does matter.
Remove that
Yup that did the fix for the inbound. Now, I tried connecting to an ssh
server from the internal machine to the external machine running openssh and
i disconnected the cable, however, the ssh session was not able to recover.
What should I change in my pf.conf configuration.
Thanks for the
Hi guys,
I got pf and carp working together. However, I have noticed that TCP
oriented application doesn't get recover well when I disconnect a cable. I
setup a netcat listener on a machine inside the network. Then I ran netcat
from another machine outside the network. I was able to connect
Neil wrote:
Hi guys,
I got pf and carp working together. However, I have noticed that TCP
oriented application doesn't get recover well when I disconnect a cable.
I setup a netcat listener on a machine inside the network. Then I ran
netcat from another machine outside the network. I was able
I got pf and carp working together. However, I have noticed that TCP
oriented application doesn't get recover well when I disconnect a
cable. I setup a netcat listener on a machine inside the network.
Then I ran netcat from another machine outside the network. I was
able to connect and was
Ok guys. I will do it tonight once I reach home. I will also send my pf.conf
file.
Also, does it matter since I have different interfaces on FW1 and FW2?
FW1, xl0, fxp0 and fxp1
FW2: rl0, fxp0 and ne3
Thanks guys! ;)
Neil
Matt Rowley writes:
I got pf and carp working together.
Hi everyone,
Firewall 1 troubleshooting info can be found at
http://restricted.dyndns.org/pffw1.txt
Firewall 2 @ http://restricted.dyndns.org/pffw2.txt
The links include:
1. ifconfig output pre/post cable removal
2. pfctl -s state pre/post cable removal
3. pf.conf configs of both firewall
16 matches
Mail list logo
