NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: family inet and parameter stateful | npf.conf
Hello Darrel,
Darrel <levitch%iglou.com@localhost> wrote:
> >> On my local network, using stateful with inet6 has not been a problem.
> >> Using stateful either in or out has been a problem when trying to use
> >> the 'remote desktop' application to login msft server 2008- where it
> >> is not a problem to login without using the 'stateful' parameter.
> >> Error message:
> >>
> >> ERROR: send: Network is unreachable
> >>
> >> <...>
>
> <...>
> I will also be retesting this configuration immediately to be sure
> that the information is all correct. I think that my problem is
> still current as of 'Sat Jul 7 08:13:43 EDT 2012'.
>
> (1) @ 3:20:49> uname -pr
> 6.0_BETA2 i386
For NPF table and IPv6 support fixes, you need the very latest netbsd-6
branch (or -current). Can you please update and try again?
If the problem still occurs, then can you describe the connection i.e.
what/where exactly is your source and destination?
Just to be sure -- when using "stateful", one should be aware that for
TCP connections the rule should apply for the initiating (SYN) packet.
If, for example, direction is confused and the rule is applied for the
reply (SYN-ACK) packet - connection tracking engine will not try to fix
it up and will eventually time out the state.
--
Mindaugas
Home |
Main Index |
Thread Index |
Old Index