Updating PF to OpenBSD Release 4,1
c.turner at 199technologies.org
Fri Jul 23 13:12:47 PDT 2010
On Fri, Jul 23, 2010 at 07:51:48AM +0200, Jan Lentfer wrote:
> Matthew Dillon schrieb:
> > default to be that a router reboot causes all active TCP connections
> > to get RST'd.
I think the 'openbsd preferred' way for 'router reboots' is to carp +
pfsync 2 routers and do any maintenance updates that way..
of course this presupposes sufficient hardware..
IIRC pfsync is a 'versioned' protocol so it's forward compatible with
itself.. which brings up carp + pfsync - was this tested / does this apply?
(I recall some breakage previously -
don't remember if that was sorted out or not..)
> Hmm... I use PF on OpenBSD 4.6 as my primary router to internet. I am
> quite sure that rdr rules are subject to nat'ing but I will try to
> create a test setup to evaluate.
am currently sshed in to a df machine behind a ssh-port forwarded openbsd
soekris that is on a nat behind another port forwarded nat (some linksys box)
so yeah - works for me too - also worked on 2.4 dragonfly IIRC with
http rdr + nat - before I setup the soekris I had a 2-node mini net
on the same 'wide area lan' linksys setup.. so works in the 'reference'
and I 'm pretty sure it worked on 2.4 (maybe 2.5) dragonfly too..
can send pf.conf from both along if that would help if perhaps there
is some unknown bug..
oh right - and THIS IS AWESOME GOOD JOB!
More information about the Kernel