> Traffic flow:
>
> x.x.12.x -> bridge -> router -> bridge -> x.x.13.x

This is exactly what I meant by saying the traffic goes twice through the
bridge, and this is also where I experienced my problem. I also have
several subnets that must bounce through the bridge to the router and
come back.

>
> When state was kept on this flow, it would exhibit the weird 96k
> stoppage mentioned earlier, regardless of protocol (http, ssh, ftp,
> etc)

We are probably having the same problem, with our users stuck transferring
files over HTTP to the Dokeos e-learning CMS. One admin indicated to me
that the antivirus update over FTP fails once in a while.


I do not know if you also noticed that using modulate state or synproxy
state completely blocks ssh, as opposed to keep state?


Something is wrong somewhere (either in our understanding or as a bug)
when using a bridge with pf and traffic bouncing back and forth through the
bridge to an external router.


Two solutions, which are rather workarounds, might exist, as mentioned here:

        - using tag-only rules to avoid mentioning interfaces in rules.
        - using bandwidth control like you described.

I'll try them out and let you know. I feel a little uncomfortable about
finding the cause of the many strange things happening, like traffic half
blocked, unresponsive hosts and, not least, a completely hung firewall once
in a while.

Regards

François

--
Francois TAMONE - Centre Informatique
Ecole d'Ingenieurs de Geneve                 tel:+41-(22)-338 05 39
Rue de la Prairie 4                          fax:+41-(22)-338 05 33
CH-1202 Geneva SWITZERLAND, e-mail:[EMAIL PROTECTED], 
U=tamone,H=eig,D=unige,C=ch
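As an added illustration of the first workaround listed above (tag-only rules), not part of the original message or of any pf.conf the poster published, here is what such a ruleset looks like for a bridging pf firewall. The interface names em0/em1, the documentation-range addresses standing in for x.x.12.x and x.x.13.x, and the set of TCP services are all assumptions; whether this actually avoids the stoppage described in the thread is exactly what the poster intends to test.

```pf
# Added example, not from the thread. Assumed topology: the firewall is a
# bridge whose members are em0 (facing the x.x.12.x and x.x.13.x hosts) and
# em1 (facing the external router). Inter-subnet traffic crosses the bridge
# twice:  host -> em0 -> em1 -> router -> em1 -> em0 -> host
int_if = "em0"
ext_if = "em1"
net12  = "192.0.2.0/24"       # placeholder for x.x.12.x
net13  = "198.51.100.0/24"    # placeholder for x.x.13.x

block log all

# Classify each flow once, on the interface where it first enters the
# bridge, and stamp it with a tag. The state created here carries the tag,
# so later packets matching that state are tagged too.
pass in quick on $int_if proto tcp from $net12 to $net13 \
    port { 22, 80, 443 } tag INTERSUBNET keep state
pass in quick on $int_if proto tcp from $net13 to $net12 \
    port { 22, 80, 443 } tag INTERSUBNET keep state

# Every other traversal is decided by the tag alone. There is no
# "on <interface>" clause here, so the second pass through the bridge
# (router -> em1 -> em0 -> host) is never evaluated against a second,
# interface-specific stateful rule of its own.
pass in  quick tagged INTERSUBNET
pass out quick tagged INTERSUBNET
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, then watch `pfctl -ss` while reproducing the transfer: with this layout there should be exactly one state per TCP connection, created on em0, rather than one per bridge member.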
