--- On Wed, 10/15/08, Joseph Tam <[EMAIL PROTECTED]> wrote: > > | > > | I posted my problem about the Solaris10 installation > of IPFilter > > | > > | > ipf -V > > | ipf: IP Filter: v4.1.9 (592) > > > > What version of Solaris 10 are you using? > > > uname -a > SunOS testhost 5.10 Generic_127111-08 sun4u sparc > SUNW,Ultra-60 > > > And is the time it goes from working to not working > always about the same? > > That's a good question. My impression is not since > some of my test > hosts still get RST/ACK, but one of the test remote host > that worked > yesterday does not work today (<24hrs). It seems that > local network > hosts stay working for a long time (forever?), whereas > hosts in remote > networks are prone to this problem. > > This could be because of another quirk I noticed. On a > host that doesn't > receive RST/ACK, if I use it connect to another port that > is allowed (e.g. port > 22), the return-rst will start working on port 25. In > fact, a simple > ping does the trick. It's as if a successful pass > through ipf will > prime the return-rst to work. > > remote> telnet <target-ip> 25 > Trying <target-ip>... > [long pause: interrupt]^C > > remote> ping <target-ip> > <target-ip> is alive > > remote> telnet <target-ip> 25 > Trying <target-ip>... > telnet: Unable to connect to remote host: Connection > refused > > I ran a script that test how long it takes for the > return-rst to fail > from a host that doesn't normally connect. These are > the times in > seconds from the initial ping to when return-rst no longer > works: > > 407 192 308 206 1030 329 1125 1066 993 > > and some that exceeded my patience. No pattern I can > discern. >
Just taking a random stab at this, but do you happen to have any Dell servers on your network by chance? http://opensolaris.org/jive/thread.jspa?messageID=208934
