Hello, We have ipf v3.4.29 running on a Solaris 8 system. For the most part, things work correctly. However under some circumstances established TCP connections seem to fail par way through.
This is particularly noticable when the system is backed up by piping the output of ufsdump through ssh to our mass storage system. What appears to be happening is that the incoming packets cease to match the state-table entry. The outgoing packets continue to match the entry. I have a kludge that works around the issue, but I was wondering if anyone had any similar problems and perhpas a better solution. The relevant rules in the ipf.conf are: block in log all pass out proto tcp from any to 129.99.0.0/16 port = 22 flags S keep state # Special handling for lou to allow backups to work pass in proto tcp from 129.99.248.41 port = 22 to any I've used ipfstat -t to confirm that an entry for the connection does get created and is mode 4/4. I've tried using ipmon and snoop to pinpoint the problem to no avail. Thsi problem occurs with both 3.4.28 and 3.4.29. The Sun Workshop 6.0U1 compiler was used to build ipf. -- Iain Morgan NAS Desktop Support Group
