
Re: Note: states with asymmetric routing



>   Stateful inspection on a gateway can hamper TCP connections when
> inbound or outbound packets go another route (i.e. when one of the
> directions does not go through the gateway).
Well, yeah. How is a firewall supposed to deduce state if it doesn't
see any replies? Psychic deduction?
> 
>   The connection works fine at a low rate, but fast transfers stop at
> each 64K (because suddenly PF stops passing packets).
> 
>   I guess it is not a bug, just some feature (like some
> tcp-window-related state protection). So think, are there reasons to
> correct this PF behavior.
Correct? If you can design a prescient packet filter, then more power to you.
-kj
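
Added illustration, not part of the original messages and not PF's source code: a simplified model of sequence-window state tracking, showing how a filter that never sees the return-path ACKs stops passing data just under 64K, while the same transfer completes when both directions cross it. Assumptions: the class and function names are hypothetical, the filter allows the unseen peer an unscaled 65535-byte window, and the initial sequence number is constructed.

```python
# Simplified model of TCP sequence-window state tracking (NOT PF's code).
MAX_WIN = 65535  # assumption: largest unscaled TCP window, used until ACKs are seen


class Peer:
    def __init__(self, isn):
        # Highest sequence number this sender may use, as far as the filter knows.
        self.seq_hi = isn + 1 + MAX_WIN


class State:
    """One tracked connection, seen from the data sender's direction."""

    def __init__(self, fwd_isn):
        self.fwd = Peer(fwd_isn)
        self.passed = 0

    def data(self, seq, length):
        """Forward-direction segment: pass only if it fits the known window."""
        if seq + length > self.fwd.seq_hi:
            return False  # beyond anything the receiver is known to accept
        self.passed += length
        return True

    def ack(self, ack, win):
        """Reverse-direction ACK: the only event that moves the upper bound."""
        self.fwd.seq_hi = max(self.fwd.seq_hi, ack + win)


def transfer(total, mss, filter_sees_acks):
    """Send `total` bytes in `mss`-sized segments through the modelled filter.

    Returns the number of bytes passed before the first dropped segment.
    """
    isn = 1000  # constructed initial sequence number
    st = State(isn)
    seq = isn + 1
    while st.passed < total:
        length = min(mss, total - st.passed)
        if not st.data(seq, length):
            break
        seq += length
        if filter_sees_acks:
            # Symmetric routing: the receiver's ACK and window cross the filter.
            st.ack(seq, MAX_WIN)
    return st.passed


if __name__ == "__main__":
    print("symmetric :", transfer(1_000_000, 1460, True))
    print("asymmetric:", transfer(1_000_000, 1460, False))
```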