Re: [Bacula-users] Firewall fun
2009-06-23 16:26:23
On Tue, 2009-06-23 at 21:52 +0200, Arno Lehmann wrote:
> Hi,
>
> 23.06.2009 17:04, Dirk Bartley wrote:
> > Sure, iptables allows for connection based rules as well as the old
> > ipchains style rules based rules.
> >
> > So you're probably using connection based rules like :
> > iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
> > iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
> >
> > just add something like
> >
> > iptables -A INPUT -p tcp --source fd_dmz_ipaddress --destination sd_internal_address --dport 9103 -j ACCEPT
>
> Yup. That should work.
>
> But back to your problem, Dirk: Have you tried the "heartbeat
> interval" setting? That should generate some traffic so that the pix
> doesn't time-out the seemingly stale connection.
Had not looked at that option. There are a few of them. I'm no TCP
expert, but I'm a little skeptical that this will do the trick. The
timing from the firewall logs shows a connection established and 2 minutes
later a teardown. That seems awful fast for a timeout. Which I'm just
guessing this is not.
I'll try it and see if it helps. It's a job that takes two hours!
ackk.
Dirk
>
> Arno
> >
>
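
An added example, not part of the original thread: one way to check from the firewall log whether a teardown of the storage daemon connection on port 9103 was an idle timeout (where a heartbeat would help) or a reset or normal close. The log lines are constructed and assume the Cisco PIX/ASA syslog message 302014 layout; the function names are hypothetical.

```python
import re
from datetime import timedelta

# Constructed sample lines in the assumed style of PIX/ASA messages 302013/302014.
# Addresses, connection ids and byte counts are made up for illustration.
SAMPLE_LOG = """\
Jun 23 14:00:05 fw %PIX-6-302013: Built inbound TCP connection 4101 for dmz:192.0.2.10/41822 (192.0.2.10/41822) to inside:10.0.0.20/9103 (10.0.0.20/9103)
Jun 23 14:02:05 fw %PIX-6-302014: Teardown TCP connection 4101 for dmz:192.0.2.10/41822 to inside:10.0.0.20/9103 duration 0:02:00 bytes 5120 TCP Reset-I
Jun 23 15:10:00 fw %PIX-6-302014: Teardown TCP connection 4207 for dmz:192.0.2.10/41990 to inside:10.0.0.20/9103 duration 1:00:00 bytes 880 Conn-timeout
Jun 23 15:30:00 fw %PIX-6-302014: Teardown TCP connection 4300 for dmz:192.0.2.10/42001 to inside:10.0.0.20/22 duration 0:00:09 bytes 300 TCP FINs
"""

TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for \S+ to "
    r"\S+?/(?P<dport>\d+) duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) "
    r"bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

def classify(line, sd_port=9103):
    """Return a dict for a teardown of a connection to sd_port, else None."""
    m = TEARDOWN.search(line)
    if not m or int(m["dport"]) != sd_port:
        return None
    duration = timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"]))
    reason = m["reason"].strip()
    if reason.lower() == "conn-timeout":
        verdict = "idle-timeout"    # firewall idle timer expired; heartbeat traffic is relevant
    elif "reset" in reason.lower():
        verdict = "reset"           # an RST was seen; not the idle timer
    elif "fin" in reason.lower():
        verdict = "normal-close"    # orderly close by the endpoints
    else:
        verdict = "other"
    return {"id": int(m["id"]), "duration": duration,
            "bytes": int(m["bytes"]), "reason": reason, "verdict": verdict}

def teardowns(log_text, sd_port=9103):
    """Classify every teardown line for sd_port found in log_text."""
    results = (classify(line, sd_port) for line in log_text.splitlines())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for r in teardowns(SAMPLE_LOG):
        print(r["id"], r["duration"], r["reason"], "->", r["verdict"])
```
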