Peter wrote: > I have a user that is on WinXP. She uses Microsoft's Remote Desktop > to connect to a remote server (TCP port 3389). I have installed > OpenBSD > 3.8 to act as firewall for the office. She complains of serious > intermittent latency problems for this particular network usage > (internet browsing is fine and is corroborated by other office users). > > I have a very simple ruleset which uses 'keep state' for all outgoing > requests. I actually keep state on all outgoing destination ports > greater than 1024 (intended initially for passive FTP). > > Now I recalled XP's pseudo-firewall that is enabled by default and > ever since turning it off she has not experienced any more slowdowns. > > Since I have yet to be alerted when the problem occurs I have not been > able to capture any pertinent traffic. > > I am wondering whether the XP firewall could be to blame and why? Or > is it just a coincidence and the latency is going to happen again in > which case I am asking people what do they think I should look at? I > have since begun making long term tcpdump captures using pflog0.
I don't know what the issue is, but since the issue is resolved by disabling the Windows firewall, I'd start looking there--perhaps by enabling the firewall again and reviewing the Windows firewall log at \Windows\pfirewall.log. Alternatively, you can tcpdump the internal interface of the OpenBSD box while the issue is occurring.
