Darren,
If I change my port 25 rule from:
pass in quick proto tcp from any to 137.146.28.72 port = 25 flags S keep state keep frags
pass out quick proto tcp from 137.146.28.72 to any port = 25 flags S keep state keep frags
to:
pass in quick proto tcp from any to 137.146.28.72 port = 25
pass out quick proto tcp from 137.146.28.72 to any port = 25
Then all/most of my email traffic halts. I am using Sun multipathing,
and there is some kind of interaction between ipfilter, keep state, and
the two interfaces (one of which should be silent, but isn't). I had
similar issues with my webmail servers, a person in Australia, and a
VPN connection from there. In that case, the problem was fixed by adding
"flags S keep state" to my port 80/443 ipfilter lines.
Still puzzling over my rules...
Jeff Earickson
Colby College
On Mon, 5 Mar 2007, Darren Reed wrote:
Date: Mon, 05 Mar 2007 23:04:30 -0800
From: Darren Reed <darrenr@reed.wattle.id.au>
To: Jeff A. Earickson <jaearick@colby.edu>
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: insight on S10 ipfilter patch 125014-02?
Jeff,
if you use stateless filtering for port 25, does that solve your problem?
darren