Hi! I'm running OpenBSD 3.9 GENERIC as a NAT router.
If I add the "reassemble tcp" option to my scrub rule in pf.conf, I have trouble connecting to some sites, particulary ebay (ebay.de, ebay.at and ebay.com as well as e.g. kaufen.ebay.de) and some other few sites, from a machine behind the NAT router. Connects time out or have long delays if the site responds at all. If connecting directly from OpenBSD, using lynx or squid running on the router, there is no problem. If I omit "reassemble tcp" everything works fine, i.e. with: scrub all no-df fragment reassemble random-id I've never noticed the problem before because I was running the squid proxy on the router. Now I've moved it to a different machine which is NATted too. Please note that it is not a squid issue as timeouts occur regardless of proxy use if on a NATted machine. Unfortunately I cannot determine why only some sites have troubles and that's why I seeking advice here on howto further diagnose the problem. Any hints are appreciated! Regards, Walter
