On 2003.01.29 21:34:50 +0000, Trent Nelson wrote: > If I had to take a wild guess, I'd say that the keep-state setup > rules added dynamically are expiring too quickly, and thus, subseq- > uent traffic is hitting the ``deny tcp from any to any established'' > rule. Yes this happens with ipfw1. You can use ipfw2 (which sends keep-alive for tcp connections) or increase the lifetime of dynamic rules. I'm using ipfw2 and it works fine - I had the same problem with ipfw1.
-- Simon L. Nielsen
msg08205/pgp00000.pgp
Description: PGP signature
