Hi all,
Is anyone using "reassemble tcp" with scrub? Been using this for years
without problems, now all of a sudden having trouble with SMTP exchange
with someone, here is the definition I use, on OpenBSD 5.4:
match in all scrub (no-df max-mss 1440 random-id reassemble tcp)
If I telnet port 25 to the other side, I can see sendmail's greeting,
but as soon as I go with "EHLO me.dot.com", no more response, it hangs,
and I see PF sending "icmp host unreachable" to the other side. And if I
remove "reassemble tcp" all goes fine.
I talked to the guys on the other side, their firewall is netasq, and
they don't see anything unusual.
Thanks,