[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Four-port bridge?



On Thu, Mar 20, 2003 at 07:53:45PM +0100, Jonathan (Listserv) wrote:
> On the remaining interfaces, everything is allowed. One segment has 
> an Exchange server, another segment the clients. Clients are having 
> problems with Outlook not responding, problems they didn't have in 
> the old setup (Linux router with internal address ranges).
Do your logs provide any insight?  You might want to change the
state table optimization to something like conservative and see if
the problem subsides.
 
> Do rules on the external interface apply to packets that travel over 
> the other interfaces somehow? I haven't been able to reproduce the 
> problem, tried with the full ruleset and the most basic 'block in 
> all, pass out keep state' type rules on the external interface.
If a problem can't be reproduced, does it really exist?  the zen
of pf ruleset debugging ;)
- jolan