On 2019-07-29, Predrag Punosevac <punoseva...@gmail.com> wrote:
> Hi Misc,
>
> I am using Edgerouter lite as a firewall/DNS caching resolver for one of
> our remote locations
>
> ubnt1# uname -mrsv
> OpenBSD 6.5 GENERIC.MP#0 octeon
>
> The desktops behind the firewall have to use Kerberised SSH to perform
> some work on one of .mil servers. I opened egress ports kerberos,
> klogin, kshell TCP protocol as well as kerberos UDP. After the work is
> finished and desktops are "logged out" routing tables (dns) are in a bad
> state on the firewall. A simple
>
> pfctl -F all -f /etc/pf.conf
>
> fixes the problem and desktops can again do DNS resolving and surfing
> the Internet.
>
> Could somebody give me a head start on how to go about further
> troubleshooting and fixing the problem? Obviously flushing states is not very
> convenient.
>
> Most Kind Regards,
> Predrag Punosevac
>
Can you go into some more details about what the "bad state" is? "routing tables (dns) are in a bad state on the firewall" doesn't explain much (and doesn't really make sense, dns has nothing to do with routing tables..)
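One way to put a concrete description on the "bad state" the reply asks about is to summarise the pf state table before and after the problem appears. The script below is an added example, not part of either message: it reads `pfctl -ss`-style lines on stdin and prints a count per protocol, destination port and state pair, so that a pile of DNS (udp/53) states in an unexpected condition, or a missing set of states, shows up at a glance. The sample lines embedded in SAMPLE_STATES are constructed for the example and use documentation addresses; on the router itself you would feed it `pfctl -ss` directly.

```shell
#!/bin/sh
# summarize_states: read pf state lines (the format printed by `pfctl -ss`)
# on stdin and print "<proto> <dport> <state> <count>", most frequent first.
# Handles IPv4 "addr:port" and IPv6 "addr[port]" destination notation, and
# skips over an optional NAT "(addr:port)" field before the "->" arrow.
summarize_states() {
  awk '
    NF >= 5 {
      proto = $2
      st = $NF
      dst = ""
      # The destination is the field right after the "->" marker.
      for (i = 3; i < NF; i++) if ($i == "->") { dst = $(i + 1); break }
      if (dst == "") next
      if (dst ~ /\[/) {
        # IPv6 form: 2001:db8::1[53]
        dport = dst
        sub(/^.*\[/, "", dport)
        sub(/\]$/, "", dport)
      } else {
        # IPv4 form: 192.0.2.53:53 -> take the text after the last colon
        n = split(dst, parts, ":")
        dport = parts[n]
      }
      count[proto " " dport " " st]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort -k4,4nr
}

# Constructed sample resembling `pfctl -ss` output (not captured from a
# real router): a few DNS lookups, two Kerberos-related flows and one
# half-closed kshell connection.
SAMPLE_STATES='all udp 192.168.1.10:54321 -> 192.0.2.53:53       MULTIPLE:SINGLE
all udp 192.168.1.11:40001 -> 192.0.2.53:53       MULTIPLE:SINGLE
all udp 192.168.1.10:40002 -> 192.0.2.53:53       SINGLE:NO_TRAFFIC
all tcp 192.168.1.10:51000 -> 203.0.113.20:88     ESTABLISHED:ESTABLISHED
all tcp 192.168.1.10:51001 -> 203.0.113.20:544    ESTABLISHED:ESTABLISHED
all udp 192.168.1.10:51002 -> 203.0.113.20:88     MULTIPLE:SINGLE
all tcp 192.168.1.12:51003 -> 203.0.113.20:543    FIN_WAIT_2:FIN_WAIT_2'

# Convenience wrapper so the sample can be summarised with one call.
summarize_sample() {
  printf '%s\n' "$SAMPLE_STATES" | summarize_states
}

# Stand-alone run: show the summary for the constructed sample.
summarize_sample
```

Comparing two such summaries (one taken while resolving works, one taken once the desktops have logged out and DNS stops) narrows the question to whether the DNS states are still present and in what condition, before resorting to `pfctl -F all`, which discards every state on the box.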