Re: Problems after IP change

• Previous message: David Landgren: "Re: Is there a Complete "Package"(NOT Ports) for: [Apache+PHP+MySQL+Mod_SSL+Mod_Perl] ?? - newbie+3"
• In reply to: Steve Bertrand: "Re: Problems after IP change"
• Next in thread: Steve Bertrand: "Re: Problems after IP change"
• Reply: Steve Bertrand: "Re: Problems after IP change"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "Steve Bertrand" <iaccounts@ibctech.ca>
Date: Wed, 28 Jul 2004 16:37:23 +0000

On Wednesday 28 July 2004 15:23, Steve Bertrand wrote:
> > Yes, it works, but of course I can't leave this rule in all the time.
>
> The SYN/ACK packet that comes back from the remote server is denied by
> rule
>
> > 01900. But it should be allowed by the check-state rule.
> >
> >> Also, I know you haven't changed anything, but what does the output
>
> from
>
> >> this command state?:
> >> # sysctl net.inet.ip.forwarding
> >
> > It is set to 1. I changed this a long time ago.
>
> I figured so...what happens if you add 'keep-state' to rules 20000, 20002
> and 20003?

Nothing.
BTW, here we have the problem: The initial SYN packet isn't matched by rule
11700 (setup keep-state). Setup means the SYN flag is set, right? So why is
it not matched? If I remove the "setup" keyword to match all outgoing
packets, the SYN/ACK from the server is still denied by rule 01900.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: David Landgren: "Re: Is there a Complete "Package"(NOT Ports) for: [Apache+PHP+MySQL+Mod_SSL+Mod_Perl] ?? - newbie+3"
• In reply to: Steve Bertrand: "Re: Problems after IP change"
• Next in thread: Steve Bertrand: "Re: Problems after IP change"
• Reply: Steve Bertrand: "Re: Problems after IP change"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]