Does anyone know if the mac address is used in the keep state part of a tcp connection?
I have a rule on a Solaris 10 box using ipfilter 4.0.2 (comes with sol10) that looks like this: block in log all block out log all pass in quick on hme0 log proto tcp from any to MYIP port = 22 keep state That's it. I can connect from one host on the network but not from another. When I watch ipmon from the good host I see a keep state entry being created. From the other host I do not. I instead see the pass on the K-S rule for the S packet, but the SA packet is being blocked by the block out entry. ipfilter did not establish an entry in the state table. The only difference I can see between the two hosts is when watching snoop. From the good host, I see the SRC mac address of the gateway router/switch. But when I snoop the bad host, I see a mac address that I have not yet found on my network. (I don't run the network gear so this will take time) So I get a packet with a SRC MAC not of the default gateway. The state table has 5 entries in it (not full), I've flushed and restarted many times, ipstat -io shows just the 3 rules, and nothing else seems unusual. Anyone know if the mac address matters or have other ideas to check? Thanks! Jim __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
