On Fri, 2008-12-05 at 06:01 -0700, Darrin Chandler wrote:
> Stephan,
>
> On Fri, Dec 05, 2008 at 09:14:10AM +0100, Stephan A. Rickauer wrote:
> >
> > $ lynx -dump -head http://cds.sun.com
> >
> > The matching pf rule is:
> > pass in log quick inet proto tcp to port http synproxy state
> > (with default pass out policy)
> >
> > However, the http connection stalls. Changing the above rule to:
> > pass in log quick inet proto tcp to port http modulate state
> >
> > "fixes" the stall and the header is transmitted by the webserver just
> > fine.
>
> Does this happen with hosts other than cds.sun.com?

I have witnessed it myself with a different site that I completed a
checkout with. I can't reproduce it again without ordering more stuff ;)

Even if it is likely a 'sun' problem I thought I'd better report it
here, since it might be a possible border case that could trigger a
wrong synproxy behaviour.

Were the tcpdumps helpful at all?

--
Stephan A. Rickauer

-----------------------------------------------------------
Institute of Neuroinformatics         Tel  +41 44 635 30 50
University / ETH Zurich               Sec  +41 44 635 30 52
Winterthurerstrasse 190               Fax  +41 44 635 30 53
CH-8057 Zurich                        Web  www.ini.uzh.ch
