Hmm, I always use keep state keep frags in my pass out statement. Could this be an issue?

--Wes

On Friday, October 11, 2002, at 12:09 PM, Iain Morgan wrote:

> Hello,
>
> We have ipf v3.4.29 running on a Solaris 8 system. For the most part,
> things work correctly. However, under some circumstances established
> TCP connections seem to fail part way through.
>
> This is particularly noticeable when the system is backed up by piping
> the output of ufsdump through ssh to our mass storage system. What
> appears to be happening is that the incoming packets cease to match the
> state-table entry. The outgoing packets continue to match the entry.
>
> I have a kludge that works around the issue, but I was wondering if
> anyone had any similar problems and perhaps a better solution.
>
> The relevant rules in the ipf.conf are:
>
> block in log all
> pass out proto tcp from any to 129.99.0.0/16 port = 22 flags S keep state
>
> # Special handling for lou to allow backups to work
> pass in proto tcp from 129.99.248.41 port = 22 to any
>
> I've used ipfstat -t to confirm that an entry for the connection does
> get created and is mode 4/4. I've tried using ipmon and snoop to
> pinpoint the problem to no avail.
>
> This problem occurs with both 3.4.28 and 3.4.29. The Sun Workshop 6.0U1
> compiler was used to build ipf.
>
> --
> Iain Morgan
> NAS Desktop Support Group
