Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
To: Stephen Welker <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 12/10/2000 14:41:57

On Sun, Dec 10, 2000 at 02:08:25AM +1100, Stephen Welker wrote:
> I did not use 1.4.2 (problems with AppleTalk), I have upgraded from 1.4.1.
> I do use NAT (1 rule, last minute patch not applied). Rule follows..
> map ppp0 192.168.1.0/24 -> 188.8.131.52/32
> My NAT & ipf config have not changed since 1.4.1 in reference to the
> services that fail.
> I have compiled a separate kernel that logged blocked packets. The ipmon
> log (local0) showed along with others (squid) that the return packets were
> being blocked (yes I have set the "keep state"). Sample ipmon log entry
> Dec 6 17:47:26 hermes ipmon: 17:47:25.335973 ppp0 @0:15 b
> mail2.bigpond.com,25 -> mx.nemostar.com.au,65211 PR tcp len 20 65 -AFP IN
> Rule 15 is the catch all "block all" rule.

Ok, I don't use "keep state", maybe there's a bug in this code.
When connections don't work, could you try an 'ipfstat -s' to see the
state information?

Manuel Bouyer <email@example.com>