Christian Karpp wrote: > Darren Reed wrote: > > > ahh, try "ipfstat | grep Ticks"... > > OK, now I can see that the counter does not increase. > It's always "IPF Ticks: 0" > > However, I don't see the link yet between IPF ticks in ipfilters and > the age counter in ipnat. Do ipfilters have to run (e.g. with at least > a "pass all") in order to make ipnat work?
This means that whoever did the port of IPFilter to AIX didn't get the timeout function working. This means that none of the NAT or state table entries will ever expire. At some point it would probably help if someone at IBM could send me a box to run AIX on if IBM expects me to answer more questions on IPFilter running there. Darren
