Blue Forest http://www.lslnet.com at 20:18 on April 6, 2006
Gateway FreeBSD done after the QQ

I set up a gateway for an Internet cafe with FreeBSD + ipfilter 3.1. The computers behind it often do not receive QQ messages; if QQ goes offline and logs in again, the messages that had not been received suddenly arrive. I have also reinstalled QQ. Other things, such as games, work normally. Does anyone have experience with this to share? Thank you!
My ipf rules (rl1 connects to the external network: fiber, public address):
block in quick all with ipopts
block in quick all with frag
block in quick all with short
block in quick proto tcp/udp from any to any port 134 >< 140
block in quick proto tcp/udp from any to any port = 445
block in quick proto tcp/udp from any to any port = 593
block in quick proto tcp/udp from any to any port = 1434
pass in quick on rl0 all
pass out quick on rl0 all
pass in quick on lo0 all
pass out quick on lo0 all
block out quick on rl1 all head 11
pass out quick on rl1 from any to any keep state group 11
block in quick on rl1 all head 12
pass in quick on rl1 proto tcp from any to any port = 22 flags S keep state group 12

pass in quick on rl1 proto udp from any to any port = 4000 keep state
In addition, what are your ipnat rules?

I have also run into this. It happens sometimes and sometimes not. How can it be solved?
Adding this rule will do it:
pass in quick on rl1 proto udp from any to any port = 4000 keep state

My ipnat.conf rules:
map rl1 192.168.0.0/24 -> 0/32 proxy port 21 ftp/tcp
map rl1 192.168.0.0/24 -> 0/32 proxy port 1720 h323/tcp
map rl1 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map rl1 192.168.0.0/24 -> 0/32
The same configuration works in some places and not in others; I really do not know why.
Also, I think my
pass out quick on rl1 from any to any keep state group 11
already covers what james_h said:
pass in quick on rl1 proto udp from any to any port = 4000 keep state

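How the placement of the suggested port 4000 rule interacts with `block in quick on rl1 all head 12`, as an added example that is not part of any post in this thread: a simplified Python model of ipf's quick/head/group rule walk. The `Rule` fields, helper names and the sample packet are constructed for illustration, and the state table and NAT are not modelled.

```python
# Added example: simplified model of ipf's quick/head/group rule walk.
# Only direction, interface, protocol and destination port are modelled;
# the state table, NAT and "with frag/short/ipopts" matching are left out.
from collections import namedtuple

Rule = namedtuple("Rule", "action dir iface proto dport quick head group")

def rule(action, d, iface=None, proto=None, dport=None, head=None, group=0):
    # Every rule in the thread carries "quick", so quick is always True here.
    return Rule(action, d, iface, proto, dport, True, head, group)

# The thread's ruleset, reduced to rules that can match inbound packets.
BASE = [
    rule("block", "in", proto=("tcp", "udp"), dport=445),
    rule("block", "in", proto=("tcp", "udp"), dport=1434),
    rule("pass", "in", iface="rl0"),
    rule("block", "in", iface="rl1", head=12),
    rule("pass", "in", iface="rl1", proto=("tcp",), dport=22, group=12),
]
# The rule suggested in the thread, with no group given.
QQ_RULE = rule("pass", "in", iface="rl1", proto=("udp",), dport=4000)
# Constructed packet: UDP arriving on rl1 for port 4000 with no state entry.
PKT = {"dir": "in", "iface": "rl1", "proto": "udp", "dport": 4000}

def matches(r, pkt):
    return (r.dir == pkt["dir"]
            and r.iface in (None, pkt["iface"])
            and (r.proto is None or pkt["proto"] in r.proto)
            and r.dport in (None, pkt["dport"]))

def evaluate(rules, pkt, group=0):
    """Return (action, stopped); a matching quick rule ends the whole walk."""
    action = None
    for r in (r for r in rules if r.group == group):
        if not matches(r, pkt):
            continue
        action = r.action
        if r.head is not None:  # descend into the group this rule heads
            sub_action, stopped = evaluate(rules, pkt, r.head)
            action = sub_action or action
            if stopped:
                return action, True
        if r.quick:
            return action, True
    return action, False

def decide(rules, pkt):
    return evaluate(rules, pkt)[0]
```

In this model, `decide(BASE + [QQ_RULE], PKT)` is still `block` because the quick head rule ends the root-level walk before the appended rule is reached; the rule only takes effect inside group 12 or ahead of the head rule.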
Some QQ traffic uses port 8000.

I have also set up FreeBSD proxies for Internet cafes and seen the same thing. The solution was to use RedHat for the proxy; I guess it is a matter of the FreeBSD version.

According to my tests, it basically depends on the ipfilter version. I had two sites with ipfilter 3.4.31 that showed this problem; at one of them the phenomenon disappeared after moving to ipfilter 3.4.35, with no configuration changes. The other site with ipfilter 3.4.31 is still being tested.
I have set up many others with ipfilter 3.4.33 that did not have the problem. I searched the Internet just now and found an article mentioning something about the state table in ipfilter 3.4.31; I do not know about that.

block in quick all with ipopts
block in quick all with frag
block in quick all with short
These few lines can be removed.