Stateful inspection on gateway can hamper tcp-connections, when
inbound or outbound packets goes another route (i.e. when one of
directions not goes thru gateway).
kpo well, yeah. How is a firewall supposed to deduce state if it doesn't
kpo see any replies? psychic deduction?
You,
Following configuration is for load-balancing 2*2,3Mbit HDSL lines with
round-robin sticky-address features.
But I got this problem:
when there is few users- load balancing works great, but with 50 and
more users periodically stops working msn-messenger and anyone unable to
open any website,
PM My firewall is pretty tight. I block all incoming by default and let out
only certain
PM destination ports. I'm currently filtering on external interface only.
PM Now I decided to do a check on all outgoing traffic
PM (filtering out of course the allowed ports)
PM and I made an interesting
On Wed, 2004-11-24 at 01:32, Ilya A. Kovalenko wrote:
Greetings,
Just note.
Stateful inspection on gateway can hamper tcp-connections, when
inbound or outbound packets goes another route (i.e. when one of
directions not goes thru gateway).
Connection works fine on low rate,
--- Ilya A. Kovalenko [EMAIL PROTECTED] wrote:
PM My firewall is pretty tight. I block all incoming by default and let out
only certain
PM destination ports. I'm currently filtering on external interface only.
PM Now I decided to do a check on all outgoing traffic
PM (filtering out of
On Nov 25, 2004, at 8:55 PM, William Gan wrote:
I have a question regarding PF
Internet - FW - Local Area Network
|
|
IDS
Is there a way of forwarding an incoming packets from the internet to
two separate interface?
The IDS has no IP address..
Gah, this is the 2nd time in a week I've cc'd the wrong list. Sorry.
-J.
On Nov 25, 2004, at 10:01 PM, Jason Dixon wrote:
On Nov 25, 2004, at 8:55 PM, William Gan wrote:
I have a question regarding PF
Internet - FW - Local Area Network
|
|
JO i will assume that you do not have delusions that this should work with
JO NAT-ed connections, because it most certainly will not.
of course, it will not, because pf must alter both directions.
