|
||||||||
Just m0n0wall or sometimes you can just reset the state, its only occasionally that it happens with FTP (or at least from what I have seen) I may go 2 weeks without it happening, other times maybe 2 days (I think it is server dependent), and we do lots of FTP transfers in our offices. -Eric At 12:37 PM 8/6/2004 -0700, Joe Lagreca wrote: >You say reboot. Do you mean the local machine, the m0n0wall of the router? > >I think this is the way I will go. I was just a little afraid because >of a story I heard. Thanks for the info. > >Joe > > >On Fri, 06 Aug 2004 12:04:55 -0700, Eric Collins <eric at tawifi dot com> wrote: > > NAT behind NAT works pretty good for us in most cases, one thing I have > > noticed is that FTP states get a little weird sometimes, nothing a quick > > reboot won't fix. > > > > -Eric > > > > > > > > At 11:53 AM 8/6/2004 -0700, Joe Lagreca wrote: > > > > >If I set each router to pass IPSEC traffic, will that solve the problem? > > > > > >I don't see this being a big problems, as most users will probably not > > >use an IPSEC VPN. However I'm not positive they won't use it, and > > >would like to have everything setup so they can do pretty much > > >anything without a hitch. > > > > > >Thanks. > > > > > >Joe > > > > > > > > >On Fri, 06 Aug 2004 14:14:23 -0400, Melvin Backus <mbackus at bellsouth dot net> > > >wrote: > > > > > > > > > > > > Joe Lagreca wrote: > > > > > > > > >I have a /29 network with 5 useable external IP addresses. I want to > > > > >share my connection with others. However I expect more than 5 other > > > > >people wanting to share my connection, so I will need some sort of NAT > > > > >incorporated into my design. I am using m0n0wall as my main gateway, > > > > >and off the shelf wireless routers at each users location. > > > > > > > > > >While laying out my network, I repeatedly ended up with a NAT behind a > > > > >NAT design. I wasn't sure if that was an acceptable or poor design. > > > > >I've read of others doing this (that doesnt necesarily make it > > > > >correct) and was wondering what others thought about it. > > > > > > > > > >If I do use it in my design, what sort of problems should I expect and > > > > >how can I overcome them? > > > > > > > > > >Joe > > > > > > > > > > > > > > It will certainly work, but one of the problems you can expect would be > > > > issues with IPSec connections. They don't work well with NAT unless > > > > there are modules in place to allow them to pass through. That's sort > > > > of a kludge which has been accepted and works OK, but when you end up > > > > with more than 1 level it doesn't work anymore. That isn't normally > > > > much of a problem unless you wind up with someone who's trying to > > > > connect to a VPN which happens to use IPSec. > > > > > > > > Melvin > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > > > > > > > > > > > > >--------------------------------------------------------------------- > > >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > > >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |