Duncan Patton a Campbell wrote:
This sounds like a timing/fragmenting problem. Google
blasts things out big and smooth. Most sites you see
a lot more chatter on the tcp layer. If you have another
machine with a different stack (Sun/Linux..) put it on
the inside of the firewall and see what happens. Or
use a sniffer and look.
thx for the advice duncan. others share your suspicion of packet
fragmenting or something similar.
will post back after doing a more thorough investigation.
cheers,
jake
Dhu
On Mon, 07 Apr 2008 20:37:10 -0500
Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
have spent a fair deal of time working with pf and have just seen what
appears to be quite a bizarre problem:
topology is (internet)--pppoe--(openbsd fw - running
4.2-release)--switch--(wired/wifi router).
a winxp host connected to the wifi router has no problem viewing
webpages, etc, however, a macosx host connected to the wifi router gets
packets randomly (AFAICT) dropped by the openbsd fw. google seems to
load fine on the macosx machine but other sites will not load with any
regularity. the packet dropping has been observed on the firewall using
'tcpdump -nettvi pflog0' and packets were being blocked on the internal
interface, either em2 or vlan2, until the pf rule 'pass on
$int_if' was changed to 'pass on $int_if no state'. then packets started
getting blocked on the external interface, despite a rule 'pass out on
$ext_if' as a catch-all at the end of the ruleset. the rule that shows
as being the blocker is 'block log all', the first rule in the set.
so in essence, i see rules that are not being obeyed in the pf ruleset,
but only for the macosx host and not the winxp one. the macosx firewall
is turned off and i can ssh from the macosx host to the openbsd fw just
fine. i can also ping fine from the macosx host, so dns and routing are
working.
clues as to wtf is going on would be appreciated. can supply more
detailed info on request.
cheers,
jake
--
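One way to get a quick picture of what pflog is reporting in a situation like the one described above, as an added example that is not from this thread: it parses lines in the shape produced by `tcpdump -nettvi pflog0` (the sample lines are constructed, and the exact field layout of pflog output is an assumption) and tallies blocked packets by source host, interface, direction and rule number, plus the blocked TCP packets per host that carry no SYN flag.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of `tcpdump -nettvi pflog0` output
# (assumption: real pflog output may differ slightly in field layout).
SAMPLE_PFLOG = """\
1207620000.100001 rule 0/(match) block in on vlan2: 10.0.0.20.49300 > 208.67.222.222.80: S 1:1(0) win 65535
1207620000.100250 rule 0/(match) block in on vlan2: 10.0.0.20.49300 > 208.67.222.222.80: . ack 1 win 65535
1207620000.200001 rule 0/(match) block out on pppoe0: 10.0.0.20.49301 > 72.14.207.99.80: P 1:200(199) ack 1 win 65535
1207620001.000001 rule 0/(match) block in on vlan2: 10.0.0.20.49302 > 208.67.222.222.443: . ack 1 win 65535
"""

PFLOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+rule\s+(?P<rule>\d+)/\(\w+\)\s+(?P<action>\w+)\s+"
    r"(?P<dir>in|out)\s+on\s+(?P<ifname>\w+):\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+(?P<flags>\S+)"
)


def parse_pflog(text):
    """Return one dict per line that matches the pflog line shape above."""
    return [m.groupdict() for m in map(PFLOG_RE.match, text.splitlines()) if m]


def summarize_blocks(records):
    """Tally blocked packets by (source host, interface, direction, rule number)
    and count blocked TCP packets per source that carry no SYN flag.  pf checks
    the state table before evaluating rules and the last matching rule wins, so
    a non-SYN packet logged against rule 0 ('block log all') matched neither an
    existing state entry nor any later 'pass' rule; tallying those per host
    shows whose established connections are falling through the ruleset."""
    by_key = Counter()
    non_syn = Counter()
    for r in records:
        if r["action"] != "block":
            continue
        by_key[(r["src"], r["ifname"], r["dir"], int(r["rule"]))] += 1
        if "S" not in r["flags"]:
            non_syn[r["src"]] += 1
    return by_key, non_syn


if __name__ == "__main__":
    by_key, non_syn = summarize_blocks(parse_pflog(SAMPLE_PFLOG))
    for (src, ifname, direction, rule), n in by_key.most_common():
        print(f"{n:4d} blocked  src={src} {direction} on {ifname} rule {rule}")
    for src, n in non_syn.most_common():
        print(f"{n:4d} blocked non-SYN packets from {src}")
```

Feed it real output with `tcpdump -nettvi pflog0 | python3 pflog_tally.py` after replacing SAMPLE_PFLOG with `sys.stdin.read()`; comparing the per-host counts for the winxp and macosx addresses is the first thing to look at.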