On Sat, 21 Nov 2009 23:36:33 +0600, Victor Lyapunov <fullblastst...@gmail.com> wrote:

>> This kind of thing is often due to a mtu blackhole - when a larger
>> email causes a full size IP packet to be sent. I don't see why PF
>> should make a difference though, AFAIK it's supposed to let ICMP through
>> when it's learned state on a tcp connection.
>
> Thanks for your answer.
> Don't know whether it is relevant to the particular issue, but I tried
> both rulesets first with `scrub in all fragment reassemble` and
> another one without it, but neither worked for me. I'm kinda upset by
> the fact that pf can't handle large emails.
>
> Any other ideas how to possibly fix it, please?

If on FreeBSD 7 or higher you can get rid of the keep state. It's implicit.
Secondly, please test if the problem disappears by removing the rules and
simply allowing outgoing traffic. Your rules would be:

scrub in on $ext_if fragment reassemble
block in on $ext_if
pass out on $ext_if from $int_if:network to any

If that works, then your problem is likely that you're creating 2 states for
one connection causing confusion.

-- 
Mel