Is the FreeBSD box a router as well? I would try running the firewall completely in stateless mode. If you still have problems then it almost certainly has nothing to do with the firewall. You may want to verify network/connection quality with standard tools like ping to check for packet loss etc.
I don't think the problem is the firewall, but to verify that it isn't get rid of the state stuff or event take out all filtering and run the firewall to pass in/out everthing, or whatver is the minimal that is acceptable.
What do logs on the telnet server side say about connections.
-steve
Yes, this box is a router too, and for other two networks. Connections for other links flows without problems. I'll try to remove keep state stuff and make some tests.. There's other thing very strange, I've been monitoring this connection with ipmon -a | grep mainframe's IP, people that can't connect still pass on the the firewall (then can make a connection and a nat session) but it seems to go and never go back or go and don't get there.. I don't have access to mainframe connection logs..
Thanks for your help! -- %------------------------% | Alexandre Vasconcelos | | Unix Admin | | SSPJ/GO | %------------------------% | FreeBSD, Unix and Free | %------------------------%
