On So, 17 Okt 2004, Oliver Humpage wrote:
State only works on the interface on which it was created. You will
need another keep state rule on the external interface allowing
packets out.
pf.conf(5) says that state is floating by default. So in my
opinion it should not be necessary
On Sunday, Oct 17, 2004, at 14:15 US/Pacific, [EMAIL PROTECTED]
wrote:
On So, 17 Okt 2004, Oliver Humpage wrote:
State only works on the interface on which it was created. You will
need another keep state rule on the external interface allowing
packets out.
pf.conf(5) says that state is
Is there any documentation that explains why it is done that way? Or
everyone here has gathered this information by the means of trials and
errors?
-Original Message-
From: Oliver Humpage [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 17, 2004 10:24 PM
To: Andrey Nepomnyaschih
Cc:
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2004-10-18 10:50]:
On So, 17 Okt 2004, Oliver Humpage wrote:
State only works on the interface on which it was created. You will
need another keep state rule on the external interface allowing
packets out.
pf.conf(5) says that state is floating by
on 18/10/04 1:35 am, Trevor Talbot at [EMAIL PROTECTED] wrote:
On Sunday, Oct 17, 2004, at 14:15 US/Pacific, [EMAIL PROTECTED]
wrote:
On So, 17 Okt 2004, Oliver Humpage wrote:
State only works on the interface on which it was created. You will
need another keep state rule on the external
Hi
I have to set up traffic shapping for clients in LAN. Every client needs
256Kbit download speed and 128Kb upload speed. But I don't know how to do
it. Clients use NAT for Internet access so I can't limit outgoing traffic on
ext. interface for local IPs in LAN.
Can you help me?
Thanks a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi !
Is altq info also synced with pfsync from box1 to box2? Or will a failover
session have an unlimited bandwidth if the altq info is not transferred?
And what is not synced with pfsync (if any)? Differences 3.5 to 3.6?
Thanks
/Per-Olov
On Monday, Oct 18, 2004, at 02:38 US/Pacific, Oliver Humpage wrote:
States always match address pairs directionally. Even though
floating is not physically tied to an interface, the packets on the
external interface will be going the wrong way with respect to
their addresses, and won't match
I'm not sure what benefit you think you're getting from forcing the
ftp to come from the carp address. If the machines swap state (master
fails), the ftp will fail also as it's relying on a userland process
to facilitate it. You might want to check out ftpsesame
