On Tue, 14 Oct 2008, Darren Reed wrote:
|
| I posted my problem about the Solaris10 installation of IPFilter
|
| > ipf -V
| ipf: IP Filter: v4.1.9 (592)
What version of Solaris 10 are you using?

> uname -a
SunOS testhost 5.10 Generic_127111-08 sun4u sparc SUNW,Ultra-60

And is the time it goes from working to not working always about the same?

That's a good question. My impression is not, since some of my test
hosts still get RST/ACK, but one of the test remote hosts that worked
yesterday does not work today (<24hrs). It seems that local network
hosts stay working for a long time (forever?), whereas hosts in remote
networks are prone to this problem.

This could be because of another quirk I noticed. On a host that doesn't
receive RST/ACK, if I use it to connect to another port that is allowed (e.g. port
22), the return-rst will start working on port 25. In fact, a simple
ping does the trick. It's as if a successful pass through ipf will
prime the return-rst to work.

remote> telnet <target-ip> 25
Trying <target-ip>...
[long pause: interrupt]^C
remote> ping <target-ip>
<target-ip> is alive
remote> telnet <target-ip> 25
Trying <target-ip>...
telnet: Unable to connect to remote host: Connection refused

I ran a script that tests how long it takes for the return-rst to fail
from a host that doesn't normally connect. These are the times in
seconds from the initial ping to when return-rst no longer works:

407 192 308 206 1030 329 1125 1066 993

and some that exceeded my patience. No pattern I can discern.

Joseph Tam <[EMAIL PROTECTED]>
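
A sketch of the kind of timing measurement described in the message above, added here as an example; it is not the script used in the post. It classifies each TCP connect as refused (RST received) or timed out (no reply) and reports how long the port kept answering with a reset. The function names, the 10 second polling interval and the 5 second connect timeout are assumptions.

```python
import errno
import socket
import time

def probe(host, port, timeout=5.0):
    """Classify one TCP connect: 'open', 'refused' (RST came back) or 'timeout' (silence)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        # e.g. EHOSTUNREACH; kept distinct so it is not mistaken for a filtered port
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def seconds_until_change(check, expected="refused", interval=10.0, max_wait=3600.0,
                         clock=time.monotonic, sleep=time.sleep):
    """Poll check() until it stops returning `expected`.

    Returns (elapsed_seconds, new_state), or (None, expected) if the state
    never changed within max_wait. clock/sleep are injectable for testing.
    """
    start = clock()
    while clock() - start <= max_wait:
        state = check()
        if state != expected:
            return clock() - start, state
        sleep(interval)
    return None, expected

if __name__ == "__main__":
    import sys
    # Usage (assumed): python rst_timer.py <target-ip> 25
    host, port = sys.argv[1], int(sys.argv[2])
    elapsed, state = seconds_until_change(lambda: probe(host, port))
    print(elapsed, state)
```

The polling itself sends SYNs to the filtered port, so results should be compared across different intervals before reading anything into the elapsed times.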