I've had similar problems on Solaris machines where the interfaces lived on the same physical network. Are any of qfe0,1,2,3 on the same network? If so, try telling the system in the firmware to use the onboard MAC for each card.

At the "ok" prompt:

    setenv local-mac-address? true

Also, something else I've had to do from time to time was to force a static ARP entry with the correct MAC/IP on my clients on the LAN for the side of the ipfilter box that they access, because ARP would sometimes have the MAC address of one interface matched with the IP of another interface. Again, I believe this all comes from having all the interfaces on the same network where they can all see each other's broadcasts.

--- Alexander Stade <[EMAIL PROTECTED]> wrote:
> I am having trouble with 3.4.31 on Solaris 9. I compiled 3.4.31 with Sun's
> Forte 7 compiler and the host is an Ultra 1 with a quadfast ethernet card.
>
> When I make an inbound SSH connection, it sometimes doesn't fully establish
> the SSH session. I have to ^C and rerun the SSH command. Then it works.
> After a few minutes however, the connection drops.
>
> The client keeps resending data as it expects ACKs. The server never sees
> that data and just quietly listens. I can initiate a new SSH connection
> inbound, but this will also fail after a few minutes.
>
> The time it takes for the connection to sever is arbitrary. Sometimes within
> seconds, other times within minutes. Any ideas?
>
> Here's my ipf.conf:
>
> pass in log quick on qfe0 proto tcp from any to 192.168.102.25/32 port = 22 flags S keep state
> pass in log quick on qfe0 proto tcp from any to 192.168.102.25/32 port = 113 flags S keep state
>
> pass in quick on qfe0 proto udp from any to any port = 68
>
> pass out quick on qfe0 proto tcp from any to any flags S keep state
> pass out quick on qfe0 proto udp from any to any
>
> pass in quick on qfe1 from any to any
> pass out quick on qfe1 from any to any
>
> pass in quick on qfe2 from any to any
> pass out quick on qfe2 from any to any
>
> pass in quick on qfe3 from any to any
> pass out quick on qfe3 from any to any
>
> block in on qfe0 proto tcp all
> block return-rst in on qfe0 proto tcp all flags S
> block out all
>
> And this is my ipnat.conf:
>
> map qfe0 192.168.101.0/24 -> 0/32 proxy port 21 ftp/tcp
> map qfe0 192.168.101.0/24 -> 0/32 proxy port 500 ipsec/udp
> map qfe0 192.168.101.0/24 -> 0/32 proxy port 1720 h323/tcp
> map qfe0 192.168.101.0/24 -> 0/32 proxy port 7070 raudio/tcp
> map qfe0 192.168.101.0/24 -> 0/32 portmap tcp/udp 50000:60000
> map qfe0 192.168.101.0/24 -> 0/32
> map qfe0 192.168.102.0/24 -> 0/32 proxy port 21 ftp/tcp
> map qfe0 192.168.102.0/24 -> 0/32 proxy port 500 ipsec/udp
> map qfe0 192.168.102.0/24 -> 0/32 proxy port 1720 h323/tcp
> map qfe0 192.168.102.0/24 -> 0/32 proxy port 7070 raudio/tcp
> map qfe0 192.168.102.0/24 -> 0/32 portmap tcp/udp 50000:60000
> map qfe0 192.168.102.0/24 -> 0/32
> rdr qfe0 0/0 port 22 -> 192.168.102.25 port 22
> rdr qfe0 0/0 port 113 -> 192.168.102.25 port 113
>
> Thanks,
>
> -Alex
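
The reply above attributes the mismatched ARP entries to several interfaces on one network presenting the same MAC address. As an added example (not part of the original thread), this Python script parses `ifconfig -a` output in the Solaris layout and reports interfaces that share both a MAC address and an IP network; the sample output, its addresses and its MAC are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the Solaris `ifconfig -a` layout (as root, so the
# "ether" line is shown). Addresses and the MAC are made up for illustration.
SAMPLE = """\
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.102.1 netmask ffffff00 broadcast 192.168.102.255
        ether 8:0:20:aa:bb:cc
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.102.2 netmask ffffff00 broadcast 192.168.102.255
        ether 8:0:20:aa:bb:cc
qfe2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 192.168.101.1 netmask ffffff00 broadcast 192.168.101.255
        ether 8:0:20:aa:bb:cc
"""

def parse_ifconfig(text):
    """Return {ifname: {"net": IPv4Network, "mac": str}} from ifconfig -a output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+?): flags=", line)
        if m:
            cur = ifaces.setdefault(m.group(1), {})
            continue
        if cur is None:
            continue
        m = re.search(r"inet (\S+) netmask ([0-9a-fA-F]{1,8})", line)
        if m:
            mask = ipaddress.IPv4Address(int(m.group(2), 16))  # hex netmask
            cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)
        m = re.search(r"ether (\S+)", line)
        if m:
            # Solaris drops leading zeros (8:0:20:...), so normalise each octet.
            cur["mac"] = ":".join(f"{int(o, 16):02x}" for o in m.group(1).split(":"))
    return ifaces

def shared_mac_conflicts(ifaces):
    """Group interfaces that share both a MAC address and an IP network."""
    groups = defaultdict(list)
    for name, info in ifaces.items():
        if "net" in info and "mac" in info:
            groups[(info["mac"], info["net"])].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (mac, net), names in shared_mac_conflicts(parse_ifconfig(SAMPLE)).items():
        print(f"{mac} is used by {', '.join(names)} on {net}")
```

In the constructed sample, qfe2 carries the same MAC but sits on a different network, so only qfe0 and qfe1 are reported.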
