Re: Sometime NAT, sometimes NOT?

Maybe try to check and possibly replace the interfaces involve as well as the cables and let us know if this issue still occur. pfctl -x loud tail -f /var/log/messages ~BAS On Mon, 11 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days

Re: Sometime NAT, sometimes NOT?

] Verzonden: dinsdag 12 juni 2007 22:03 Aan: Geraerts Andy CC: misc@openbsd.org Onderwerp: RE: Sometime NAT, sometimes NOT? pfctl -x loud tail -f /var/log/messages ~BAS On Mon, 11 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days we encounter

Re: Sometime NAT, sometimes NOT?

Geraerts Andy [EMAIL PROTECTED] writes: Jun 13 11:05:01 spock /bsd: pf: NAT proxy port allocation (50001-65535) failed this almost sounds like you have something else which grabs these ports. do you, intentionally? -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team

Re: Sometime NAT, sometimes NOT?

Jun 13 11:05:01 spock /bsd: pf: NAT proxy port allocation (50001-65535) failed this almost sounds like you have something else which grabs these ports. do you, intentionally? Well I can't find anything that could block it. There is no ftp daemon or ftp proxy or whatever running on the box.

Re: Sometime NAT, sometimes NOT?

On 2007/06/13 11:12, Geraerts Andy wrote: Brian, Despite the fact that I get tons of State Failures I see this strange message : Jun 13 11:05:01 spock /bsd: pf: NAT proxy port allocation (50001-65535) failed Can this be the cause of my errors? Yes, you have run out of available ports

Re: Sometime NAT, sometimes NOT?

Jun 13 11:05:01 spock /bsd: pf: NAT proxy port allocation (50001-65535) failed Can this be the cause of my errors? Yes, you have run out of available ports to NAT from. The straightforward answer is to NAT from a larger pool of addresses i.e. nat ... - { 1.1.1.1, 2.2.2.2, 3.3.3.0/24} The

Re: Sometime NAT, sometimes NOT?

Good catch on this guys. We should remember that most modern NAT is PAT, or hybrid NAT+PAT. You should ask your ISP for more space to NAT to (A NAT+PAT hybrid pool). Cisco calls it overloading. Reminds me of a Soundgarden song. ~BAS On Wed, 2007-06-13 at 12:03 +0100, Stuart Henderson wrote:

Re: Sometime NAT, sometimes NOT?

pfctl -x loud tail -f /var/log/messages ~BAS On Mon, 11 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host

Re: Sometime NAT, sometimes NOT?

We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host and I dont get replies. So despite the state being created in both instances, you see a

Re: Sometime NAT, sometimes NOT?

On Fri, 8 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host and I dont get replies. So despite the state being

Sometime NAT, sometimes NOT?

We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host and I dont get replies. Running tcpdump learned us that the packet isnt always being natted.