Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
To: Stephen Welker <stephen.welker@nemostar.com.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-bugs
Date: 12/10/2000 14:41:57
On Sun, Dec 10, 2000 at 02:08:25AM +1100, Stephen Welker wrote:
> I did not use 1.4.2 (problems with AppleTalk), I have upgraded from 1.4.1.
> 
> I do use NAT (1 rule, last minute patch not applied). Rule follows..
> 
> map ppp0 192.168.1.0/24 -> 203.43.154.193/32
> 
> My NAT & ipf config have not changed since 1.4.1 in reference to the 
> services that fail.
> 
> I have compiled a separate kernel that logged blocked packets. The ipmon 
> log (local0) showed along with others (squid) that the return packets were 
> being blocked (yes I have set the "keep state"). Sample ipmon log entry 
> follows...
> 
> Dec  6 17:47:26 hermes ipmon[79]: 17:47:25.335973             ppp0 @0:15 b 
> mail2.bigpond.com,25 -> mx.nemostar.com.au,65211 PR tcp len 20 65 -AFP IN
> 
> Rule 15 is the catch all "block all" rule.

Ok, I don't use "keep state", maybe there's a bug in this code.
When connections don't work, could you try an 'ipfstat -s' to see the
state information?

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
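As an added illustration (not part of the thread above), the following script checks an ipmon log for the symptom Stephen describes: inbound TCP segments that belong to an established conversation (ACK set, SYN clear) yet fall through to the catch-all "block all" rule, which is where a missing or expired "keep state" entry would show up. It assumes the ipmon line layout quoted in the report and rule 15 as the catch-all; all sample lines except the first are constructed.

```python
import re
from typing import List, Optional

# Pattern for the ipmon(8) line shape quoted in the report: syslog prefix,
# ipmon timestamp, interface, @group:rule, action, src,port -> dst,port,
# protocol, header/packet length, optional TCP flags, direction.
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<time>\S+)\s+(?P<ifname>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S)\s+(?P<src>\S+?),(?P<sport>\d+)\s+->\s+(?P<dst>\S+?),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[SAFRPU]+))?\s+(?P<direction>IN|OUT)"
)

def parse_ipmon_line(line: str) -> Optional[dict]:
    """Return the fields of one ipmon line as a dict, or None if it does not match."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    for k in ("rule", "sport", "dport"):
        ev[k] = int(ev[k])
    ev["flags"] = ev["flags"] or ""   # non-TCP lines carry no flag field
    return ev

def is_blocked_return_packet(ev: dict, catchall_rule: int) -> bool:
    """An inbound TCP segment with ACK set and SYN clear belongs to a conversation
    already in progress. If it reaches the final 'block all' rule, no state entry
    matched it, which is the symptom in the report. Inbound SYN-only segments are
    new connection attempts and are blocked by design, so they are not flagged."""
    return (ev["action"] == "b" and ev["direction"] == "IN" and ev["proto"] == "tcp"
            and ev["rule"] == catchall_rule and "A" in ev["flags"] and "S" not in ev["flags"])

def find_state_failures(lines: List[str], catchall_rule: int = 15) -> List[dict]:
    events = (parse_ipmon_line(l) for l in lines)
    return [ev for ev in events if ev is not None and is_blocked_return_packet(ev, catchall_rule)]

# Constructed sample: the first line is the entry quoted in the report; the others
# are made up to show cases that must not be flagged (new inbound SYN, outbound
# pass, blocked UDP).
SAMPLE_LOG = [
    "Dec  6 17:47:26 hermes ipmon[79]: 17:47:25.335973 ppp0 @0:15 b mail2.bigpond.com,25 -> mx.nemostar.com.au,65211 PR tcp len 20 65 -AFP IN",
    "Dec  6 17:47:30 hermes ipmon[79]: 17:47:29.100000 ppp0 @0:15 b 198.51.100.7,40012 -> mx.nemostar.com.au,23 PR tcp len 20 60 -S IN",
    "Dec  6 17:47:31 hermes ipmon[79]: 17:47:30.200000 ppp0 @0:3 p mx.nemostar.com.au,65212 -> mail2.bigpond.com,25 PR tcp len 20 60 -S OUT",
    "Dec  6 17:47:32 hermes ipmon[79]: 17:47:31.300000 ppp0 @0:15 b 198.51.100.9,53 -> mx.nemostar.com.au,1027 PR udp len 20 80 IN",
]

if __name__ == "__main__":
    for ev in find_state_failures(SAMPLE_LOG):
        print(f"state miss: {ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']} flags={ev['flags']} rule={ev['rule']}")
```

Run against a full ipmon log, a steady stream of such hits for sessions that are still open on the hosts is what one would expect to correlate with an empty or stale 'ipfstat -s' table.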