what do you mean by "no restrictions"?
if there are no restrictions, then the firewall is acting as a router that does
nothing to packets. the sysctl vars are only of concern on the client and 
server.
on the gateway, the tcp stack is not concerned about forwarded packets.

if you have configured "pass" rules, then you should "keep state" in the first
place, so that IP Filter follows the TCP state.



At 19:10 15/11/00 +0000, Kelvin Koh wrote:
>Hi all,
>
>I'm implementing 2 Arelnet VoIP boxes, one situated in a NAT-ed
>environment with ipfilter (let's call this box N), and the other not behind
>any firewall (box O). No incoming/outgoing restrictions are specified in
>the firewall which is linked to box N.
>
>A simple topology diagram:
>
>  box O ---------- Public network ---------- FW -- box N
>
>
>FW's ipfilter version:
>
>- ipf: IP Filter: v3.4.14 (264)
>- Kernel: IP Filter: v3.4.8
>
>
>Calls can be established. However, the calls get terminated exactly after
>a minute. I modified the following parameters to the stated values
>with sysctl:
>
>net.inet.ipf.fr_tcpidletimeout: 1800
>net.inet.ipf.fr_tcptimeout: 1800
>net.inet.ipf.fr_udptimeout: 1800
>net.inet.ipf.fr_icmptimeout: 600
>
>Calls still drop. I'm clueless. Any hints, guys?
>
>Regards,
>Kelvin Koh
>www.acks.org
>
>
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
