<SNIP> On Mon, July 23, 2012 04:12, Damien Fleuriot wrote: > > > On 7/23/12 7:31 AM, Jason Mattax wrote: >> >> based on that I could easily upgrade to 8.3, or possibly 9.0 tomorrow if >> I have the inclination. >> > > I can recommend 8.3, we're using it widely in production. >
Thanks. > >>> 2/ When the problem appears. Have you tried disabling PF ? (pfctl -d) >>> Does it help ? >>> >> Since I can consistently reproduce the problem with en.wikipedia.org I >> have a good way to test. When I run pfctl -d on the firewall it looks >> like no traffic is being forwarded, including DNS so I eventually get a >> notice that the web page timed out because I typed the address wrong. >> That is as opposed to the web browser saying waiting for >> en.wikipedia.org (and if I recall correctly occasionally getting the >> redirect to en.wikipedia.org/wiki/Main_Page.) I just tested and got >> stuck at the waiting for en.wikipedia.org for a couple of minutes before >> I called it good enough to report here. >> > > Keep in mind that after disabling PF you don't get NAT anymore from your > workstations through the firewall. > > So any test you run while PF is disabled has to be run from the PF box > itself. > That's what I thought, but the firewall itself can see the outside network just fine whether pf is running or not (I just rechecked that.) _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
