NetBSD-Users archive


Re: family inet and parameter stateful | npf.conf





Darrel

On Mon, 16 Jul 2012, Darrel wrote:

> > On Mon, 16 Jul 2012, Darrel wrote:
> >
> > > On my local network, using stateful with inet6 has not been a problem.
> > > Using stateful either in or out has been a problem when trying to use the
> > > 'remote desktop' application to log in to msft server 2008, where it is not a
> > > problem to log in without using the 'stateful' parameter.  Error message:
> > >
> > > ERROR: send: Network is unreachable
> > >
> > > The login screen actually appears and I can enter a password, then the
> > > error appears in my 'xterm' window repeatedly until I kill the command.
> > > I am using fwmn2.
> >
> > Can you show your npf.conf ?
>
> Hello Mindaugas,
>
> First I will send my npf.conf, so that you can see it directly.
> Please note that it is very basic thus far and you will probably
> notice a few parameters which are not even being used at the moment
> but rather are placeholders for potential future changes; e.g.,
> bce0 has no cable and is not used yet.  Routing and NAT will be
> implemented later, to solve the problem of addresses becoming
> scarce.  So the config file below is exactly as it currently exists.
>
> I will also be retesting this configuration immediately to be sure
> that the information is all correct.  I think that my problem is
> still current as of 'Sat Jul  7 08:13:43 EDT 2012'.


The login problem on the windows 2008 server seems to have disappeared.
I have been distracted with a Cisco 2900xl switch which needs to
get utilized considering my resources and environment.  I do not
know if my npf problem disappeared after rebuilding netbsd-6 or
simply a config change.  I have been experimenting sort of rapidly
but will take care to slow down and document changes moving forward.

This is a cleaner version of my config:
*******************************************************************
$if_ext = "re0"
$svcs_tcp = { http }
$svcs_udp = { domain }
$pftp = { 49151-65535 }     # passive ftp, tcp
$tracert = { 33434-33600 }  # traceroute, udp
$services6 = { ssh,www }

table <1> type hash file "/etc/incite"
table <3> type hash file "/etc/clients4"
table <4> type hash file "/etc/clients6"
table <5> type tree dynamic

procedure "log" {
       log:  npflog0
}

procedure "rid" {
       normalise:  "random-id"
}

group (name "external", interface $if_ext) {
       block in final family inet from <1> to $if_ext
       pass stateful out final family inet from $if_ext apply "rid"
       pass stateful in family inet to $if_ext
       pass stateful out family inet6 from $if_ext
       pass stateful in family inet6 to $if_ext
}

group (default) {
       pass final on lo0 all
       block all
}
*******************************************************************
Darrel
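Added example, not part of the thread and not NetBSD project code: a small Python cross-reference check for a hand-edited npf.conf in the NetBSD 6 syntax used above. It reports variables, tables and procedures that a rule references but that are never defined (a file that npfctl would refuse to load), and separately lists the ones defined but never referenced, which is exactly how the placeholder entries mentioned in the earlier mail (the service sets, tables <3>, <4>, <5>, procedure "log") should show up. The sample input is a transcription of the ruleset above; the "broken" variant, which refers to table <2> and procedure "rnd", is constructed to show a failing case. It understands only the subset of the grammar on this page (comments run to end of line, no '#' inside quoted strings) and is a quick pre-check, not a substitute for loading the file with npfctl.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a transcription of the ruleset posted in this
# thread (NetBSD 6 npf.conf syntax). Paths and table numbers are the poster's.
SAMPLE_CONF = """\
$if_ext = "re0"
$svcs_tcp = { http }
$svcs_udp = { domain }
$pftp = { 49151-65535 }     # passive ftp, tcp
$tracert = { 33434-33600 }  # traceroute, udp
$services6 = { ssh,www }
table <1> type hash file "/etc/incite"
table <3> type hash file "/etc/clients4"
table <4> type hash file "/etc/clients6"
table <5> type tree dynamic
procedure "log" {
    log: npflog0
}
procedure "rid" {
    normalise: "random-id"
}
group (name "external", interface $if_ext) {
    block in final family inet from <1> to $if_ext
    pass stateful out final family inet from $if_ext apply "rid"
    pass stateful in family inet to $if_ext
    pass stateful out family inet6 from $if_ext
    pass stateful in family inet6 to $if_ext
}
group (default) {
    pass final on lo0 all
    block all
}
"""

# Constructed broken variant: a rule refers to a table and a procedure that
# are never declared, the kind of slip that comes from pasting a rule in.
BROKEN_CONF = SAMPLE_CONF.replace('from <1>', 'from <2>').replace('apply "rid"', 'apply "rnd"')

ASSIGN_RE = re.compile(r'^\$(\w+)\s*=\s*(.*)$')       # $name = value
VAR_USE_RE = re.compile(r'\$(\w+)')                   # $name inside a rule
TABLE_DECL_RE = re.compile(r'^table\s*<(\d+)>')       # table <n> type ...
TABLE_USE_RE = re.compile(r'<(\d+)>')                 # <n> inside a rule
PROC_DECL_RE = re.compile(r'^procedure\s+"([^"]+)"')  # procedure "name" {
APPLY_RE = re.compile(r'\bapply\s+"([^"]+)"')         # ... apply "name"


@dataclass
class Report:
    """Cross-reference results for one ruleset."""
    undefined_vars: set = field(default_factory=set)
    unused_vars: set = field(default_factory=set)
    undeclared_tables: set = field(default_factory=set)
    unused_tables: set = field(default_factory=set)
    undefined_procs: set = field(default_factory=set)
    unused_procs: set = field(default_factory=set)
    brace_balance: int = 0

    def errors(self):
        """Findings that make the file unloadable; unused items are only noise."""
        out = []
        if self.brace_balance:
            out.append(f"unbalanced braces (depth {self.brace_balance} at EOF)")
        out += [f"undefined variable ${v}" for v in sorted(self.undefined_vars)]
        out += [f"undeclared table <{t}>" for t in sorted(self.undeclared_tables)]
        out += [f'undefined procedure "{p}"' for p in sorted(self.undefined_procs)]
        return out


def check_conf(text):
    """Cross-reference variables, tables and procedures in an npf.conf text."""
    defined, used = set(), set()
    tables_decl, tables_used = set(), set()
    procs_decl, procs_used = set(), set()
    depth = 0
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # comments run to end of line
        if not line:
            continue
        depth += line.count('{') - line.count('}')
        if m := ASSIGN_RE.match(line):
            defined.add(m.group(1))
            used.update(VAR_USE_RE.findall(m.group(2)))  # $a = { $b } style
        elif m := TABLE_DECL_RE.match(line):
            tables_decl.add(m.group(1))
        elif m := PROC_DECL_RE.match(line):
            procs_decl.add(m.group(1))
        else:  # group header or filter rule
            used.update(VAR_USE_RE.findall(line))
            tables_used.update(TABLE_USE_RE.findall(line))
            procs_used.update(APPLY_RE.findall(line))
    return Report(undefined_vars=used - defined, unused_vars=defined - used,
                  undeclared_tables=tables_used - tables_decl,
                  unused_tables=tables_decl - tables_used,
                  undefined_procs=procs_used - procs_decl,
                  unused_procs=procs_decl - procs_used, brace_balance=depth)


if __name__ == "__main__":
    for name, conf in (("posted", SAMPLE_CONF), ("broken", BROKEN_CONF)):
        r = check_conf(conf)
        print(f"{name}: errors = {r.errors() or 'none'}; unused vars {sorted(r.unused_vars)}, "
              f"tables {sorted(r.unused_tables)}, procedures {sorted(r.unused_procs)}")
```

Run stand-alone it prints no errors for the posted ruleset and lists the placeholders as unused, then the two undefined references in the broken variant. Note that "unused" is a reading of the file only: a table declared `dynamic` or a procedure may be filled or referenced later, so those findings are informational while the entries from errors() are the ones to fix before reloading.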
