On Wednesday 28 July 2004 15:23, Steve Bertrand wrote:
> > Yes, it works, but of course I can't leave this rule in all the time.
> > The SYN/ACK packet that comes back from the remote server is denied by rule
> > 01900. But it should be allowed by the check-state rule.
> >
> >> Also, I know you haven't changed anything, but what does the output from
> >> this command state?:
> >> # sysctl net.inet.ip.forwarding
> >
> > It is set to 1. I changed this a long time ago.
>
> I figured so...what happens if you add 'keep-state' to rules 20000, 20002
> and 20003?

Nothing.

BTW, here we have the problem: The initial SYN packet isn't matched by rule 11700 (setup keep-state). Setup means the SYN flag is set, right? So why is it not matched? If I remove the "setup" keyword to match all outgoing packets, the SYN/ACK from the server is still denied by rule 01900.

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"