From: Harry Hoffman (hhoffman@ip-solutions.net)
Date: Tue Mar 11 2003 - 02:49:16 EST
Hi Everyone,
We are running a 15k, Solaris 8, with 2 network interfaces. The setup is IPMP,
for outbound loadbalancing. We are also running IpFilter (Darren Reed's) to
provide host based firewalling for the domain.
We have a ruleset to allow SSH incoming and to also keep state:
pass in quick proto tcp from any to any port = 22 flags S keep state
This seems to initially work just fine. However if there is not input (via
keybd) for about 30 sec. then the connection freezes for close to 2min.
My initial thought is that the connection comes in via hme0 and ipfilter creates
an entry in the state table. Solaris then tries to send out via hme1 and
ipfilter gets confused because (perhaps) the source ip has changed.
Has anyone else experienced this? And if so is there a way to work around this?
Should I put the IPMP into Active->Standby as opposed to Active->Active?
TIA,
Harry
-- Harry Hoffman ITSS Systems Team Leader University of Auckland hhoffman@auckland.ac.nz hhoffman@ip-solutions.net STANDARD DISCLAIMER: ********************************************** *This universe shipped by weight, not volume.* *Some expansion may have occured in shipping.* ********************************************* ------------------------------------------------- This mail sent through IpSolutions: http://www.ip-solutions.net/ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:58 EDT