Daniel Hartmeier <[EMAIL PROTECTED]> writes:

[...]

> Sounds like the source/destination address/port pair is reused before
> the state is removed. For instance, if the first connection uses
> 10.1.2.3:789 <-> 10.2.3.4:514, the client is not allowed to reuse source
> port 789 before 2MSL (about 120 seconds) for another connection to
> 10.2.3.4:514. If it does, it violates TCP, and confuses pf.

Yes, that is the problem. I get BAD state with the misc debug. How come this violates TCP?

-----
Dec 17 09:45:02 fw /bsd: pf: BAD state: TCP 10.32.254.13:514 10.32.254.13:514 10.32.10.3:1023 [lo=4091004600 high=4091200080 win=63712 modulator=0 wscale=0] [lo=4088272098 high=4088335810 win=48870 modulator=0 wscale=2] 9:9 S seq=4111446242 ack=4088272098 len=0 ackskew=0 pkts=4313:2382 dir=in,fwd
Dec 17 09:45:02 fw /bsd: pf: State failure on: 1 | 5
-----

[...]

Is there any solution in order to keep state and manage to forward packets for that crappy rsh implementation (Linux is not ok, SGI is ok)? From my point of view I don't see any apart from disabling the stateful inspection.

Thanks for your help

--
Loïc
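The mechanism Daniel describes, replayed as an added example (constructed for this thread, not pf's code): a toy stateful tracker keyed on the four-tuple keeps a closed connection's entry in TIME_WAIT for 2MSL, so a new SYN on the same source/destination pair inside that window hits an existing entry and is logged as a bad state, while the same SYN after the timer has run creates a fresh state. The timestamps, the 60 s MSL (giving the 120 s the message quotes) and the addresses are assumptions; rsh draws its source ports from the small privileged range (512-1023, which is where the 1023 in the log line comes from), so it exhausts that range and comes back to a recently used port well inside 2MSL.

```python
"""Toy stateful TCP tracker: shows why reusing a source port inside 2MSL
trips a 'BAD state' check. Constructed example; not pf's code."""
from dataclasses import dataclass
from enum import Enum

MSL_SECONDS = 60                 # assumed; the thread puts 2MSL at about 120 s
TWO_MSL = 2 * MSL_SECONDS


class State(Enum):
    SYN_SENT = "syn_sent"
    ESTABLISHED = "established"
    CLOSING = "closing"          # one side has sent FIN
    TIME_WAIT = "time_wait"      # both FINs seen; entry lingers for 2MSL


@dataclass
class Entry:
    state: State
    last_seen: float


class StateTable:
    def __init__(self):
        self.entries = {}        # (src_ip, src_port, dst_ip, dst_port) -> Entry
        self.log = []            # human-readable events, like pf's debug log

    def _expire(self, now):
        # Only TIME_WAIT entries age out; live connections stay until closed.
        for key in [k for k, e in self.entries.items()
                    if e.state is State.TIME_WAIT and now - e.last_seen >= TWO_MSL]:
            del self.entries[key]

    def _find(self, src, dst):
        # A state matches packets in both directions, so look up both orderings.
        for key in (src + dst, dst + src):
            if key in self.entries:
                return key, self.entries[key]
        return src + dst, None

    def packet(self, now, src, dst, flags):
        """src/dst are (ip, port) tuples; flags is a string like 'S', 'SA', 'A', 'FA', 'R'."""
        self._expire(now)
        key, entry = self._find(src, dst)

        if "S" in flags and "A" not in flags:          # a bare SYN opens a connection
            if entry is not None:
                # The four-tuple is still owned by an earlier connection: TCP says the
                # client must not reuse it before 2MSL, so the tracker refuses it.
                self.log.append(f"BAD state: SYN on {key} while {entry.state.value}")
                return "drop"
            self.entries[key] = Entry(State.SYN_SENT, now)
            return "pass"

        if entry is None:                               # non-SYN without a state
            self.log.append(f"no state for {key}, flags={flags}")
            return "drop"

        entry.last_seen = now
        if "R" in flags:                                # reset tears the state down at once
            del self.entries[key]
        elif "F" in flags:                              # first FIN -> CLOSING, second -> TIME_WAIT
            entry.state = State.TIME_WAIT if entry.state is State.CLOSING else State.CLOSING
        elif entry.state is State.SYN_SENT:             # SYN/ACK or ACK completes the handshake
            entry.state = State.ESTABLISHED
        return "pass"


def demo():
    """Replays the thread's scenario with constructed timestamps (seconds)."""
    client, server = ("10.1.2.3", 789), ("10.2.3.4", 514)   # addresses from the quoted mail
    table = StateTable()
    verdicts = [
        table.packet(0, client, server, "S"),     # pass: new state, SYN_SENT
        table.packet(1, server, client, "SA"),    # pass: ESTABLISHED
        table.packet(2, client, server, "A"),     # pass
        table.packet(5, client, server, "FA"),    # pass: CLOSING
        table.packet(6, server, client, "FA"),    # pass: TIME_WAIT, timer starts
        # rsh reuses source port 789 only a few seconds later, inside 2MSL -> BAD state
        table.packet(10, client, server, "S"),    # drop
        # the same reuse once 2MSL has elapsed: old state expired, fresh connection
        table.packet(6 + TWO_MSL, client, server, "S"),   # pass
    ]
    return verdicts, table.log


if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    print("\n".join(log))
```

Disabling state tracking for port 514 is the workaround the original poster suggests; the example shows the alternative cost of keeping it: the refused SYN is exactly the packet pf logs, and nothing short of the client waiting out 2MSL (or the firewall forgetting the old state early) makes that packet acceptable.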
