On Fri, Jul 23, 2010 at 07:51:48AM +0200, Jan Lentfer wrote:
> Matthew Dillon wrote:
> > default to be that a router reboot causes all active TCP connections
> > to get RST'd.

I think the 'openbsd preferred' way for 'router reboots' is to carp + pfsync 2 routers and do any maintenance updates that way.. of course this presupposes sufficient hardware.. IIRC pfsync is a 'versioned' protocol so it's forward compatible with itself.. which brings up carp + pfsync - was this tested / does this apply? (I recall some breakage previously - don't remember if that was sorted out or not..)

> Hmm... I use PF on OpenBSD 4.6 as my primary router to internet. I am
> quite sure that rdr rules are subject to nat'ing but I will try to
> create a test setup to evaluate.

am currently sshed in to a df machine behind a ssh-port forwarded openbsd soekris that is on a nat behind another port forwarded nat (some linksys box) so yeah - works for me too - also worked on 2.4 dragonfly IIRC with http rdr + nat - before I setup the soekris I had a 2-node mini net on the same 'wide area lan' linksys setup.. so works in the 'reference' and I'm pretty sure it worked on 2.4 (maybe 2.5) dragonfly too.. can send pf.conf from both along if that would help if perhaps there is some unknown bug..

oh right - and THIS IS AWESOME GOOD JOB!

cheers
- Chris