Hi, something weird is happening to one of my firewalls running OPENBSD_3_4.

This box is loaded with 23 interfaces (3 quad Intel, 1 dual fiber Intel, and 2 quad D-Link, plus one em onboard). The problem is that we use rsh on the internal network to connect for different reasons, and with a (keep|modulate) state rule the Linux boxes (both Red Hat and Debian) can connect to the remote host perhaps once or twice, then hang for some time and finally connect. Without keep or modulate state, the boxes connect straight to the remote host.

I quite don't understand why this simple setup doesn't work:

    pass in on $int_client all keep state
    pass out on $int_client all keep state

and then

    pass in on $int_server all keep state
    pass out on $int_server all keep state

As you see this is simple, but it doesn't work. I have no specific options on max connections or anything else.

From my debugging, the first connection (which works) goes from one interface to pf, then to the outbound interface (keep state makes the return). Then, with tcpdump on $int_client, I see the other connection (the SYN) and no evaluation at all in pf (pfctl -vss) and nothing on tcpdump on pflog0. So the packet does not go through pf when the keep state feature is enabled.

One more thing: I tried the exact same setup with an rsh client on an SGI platform and it works flawlessly all the time (with keep/modulate state).

I quite don't understand what's going on with pf on this issue, so if anybody can guide me in debugging this problem, I'd like to find out why the Linux rsh client implementation doesn't like the pf stateful inspection.

Thanks.

-- Loïc
