I'm behind an OpenBSD firewall, but it uses no "keep state". Anyway, I
tried just now to temporarily disable PF on the firewall (and in my PC
too) but nothing changed.
Thanks.
Tim Kuhlman wrote:
Are you using pf at all? This sounds similar to the issue I had with my pf
rules not too long ago. In a nutshell rfc1323 defines tcp window scaling and
the scaling factor only shows up in the syn packet of a tcp connection. So
you have to make sure you only match state based on the syn packet (ie
use "flags S/SA"). If you are matching state based on anything else you miss
the scaling factor and thinks are messed up.
From your description it sounds like these machines are endpoints and not
firewalls. If that is the case you could just temporarily turn off the
firewall and see if it fixes things.
Tim
On Monday 05 March 2007 7:07 am, Federico Giannici wrote:
If someone want to reproduce the problem, here it is the address of the
web site:
https://www.bancadipalermo.it/index.jsp
In this first page, often (about half of times) the "Sella.it Banca di
Palermo" image in the top left corner doesn't load. Inside the site,
there are many other parts that often don't load.
Disabling RFC1323 everything works perfectly.
Bye.
Federico Giannici wrote:
Since I upgraded my two desktops to OpenBSD i386 4.0-stable I started
experiencing problems with the web site of my Bank. Often, but not
always, some pages and images don't load and go in timeout. This happens
with both Firefox and Konqueror.
Now I just found that if I disable the RFC1323 with "sysctl
net.inet.tcp.rfc1323=0" the problem disappear!
Since I had no problem with that web site until the upgrade and there is
no problem with Windows (from 98 to XP), I suspect that something broked
in the OpenBSD implementation of RFC1323 between 3.9 and 4.0.
Is there some known problem?
Thanks.
P.S.
In one of my PC I upgraded to 4.1-beta of a week ago (for the i386
freezes with amd64) and the problem remains...
--
Tim Kuhlman
Network Administrator
ColoradoVnet.com
--
___________________________________________________
__
|- [EMAIL PROTECTED]
|ederico Giannici http://www.neomedia.it
Presidente del CDA - Neomedia S.r.l.
___________________________________________________
