IPFW - Keep State
Grant Peel
gpeel at thenetnow.com
Fri Aug 31 06:39:44 PDT 2007
I don't use NAT, so is there any other compelling reasons? Speed etc?
-Grant
----- Original Message -----
From: Mel
To: freebsd-questions at freebsd.org
Sent: Friday, August 31, 2007 9:21 AM
Subject: Re: IPFW - Keep State
On Friday 31 August 2007 14:34:51 Grant Peel wrote:
> In a nutsheel, is it really necessary, or is thier a really compelling
> reason to use keep-state for a normal web - email server?
>
> I sometimes see "Too many dynamic rules" and can see a correlation between
> customer complaints and these log entries.
>
> My server all have about 200 rules, most of them counters for bandwidth
> accounting.
It is necessary for NAT, since it doesn't know what to do with replies from
webservers otherwise (internet:80 => $ext_addr:high_port = what?)
--
Mel
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
------------------------------------------------------------------------------
Total Control Panel Login
To: gpeel at thenetnow.com Block messages from this sender (blacklist)
From: owner-freebsd-questions at freebsd.org Remove this sender from my whitelist
You received this message because the sender is on your whitelist.
More information about the freebsd-questions
mailing list