Get tcpdumps on both router interfaces with and without the reassemble
tcp option. Do this for a similar file on both a working website and
broken (ebay) website.
On both router interfaces? Wouldn't the external if be enough?
You're probably right. But my theory is that if you're going to
On Thu, 20 Jul 2006, Steve Welham wrote:
Get tcpdumps on both router interfaces with and without the reassemble
tcp option. Do this for a similar file on both a working website and
broken (ebay) website.
I have now. Got a dump of the following request (all on a single line):
wget -nd -O
Sorry, 'modulate tcp' was a thinko. I had been meaning to move
'modulate state' into the scrubber for a long time.
Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
It does the usual PAWs check to make sure a timestamp is not older than
the last echoed value - which is in
On Fri, 21 Jul 2006, Mike Frantzen wrote:
Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
It does the usual PAWs check to make sure a timestamp is not older than
the last echoed value - which is in theory a wrapped sequence number.
It also does its aggressive check to
On Friday 21 July 2006 18:38, Walter Haidinger wrote:
On Fri, 21 Jul 2006, Mike Frantzen wrote:
Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
It does the usual PAWs check to make sure a timestamp is not older than
the last echoed value - which is in theory a wrapped
Argh - It might help if I explain more. I have an OpenBSD 3.8 system
running as a transparent packet filter (TPF).
The OS X system is inside ($lanif). Apple's network - CIDR 17/8 is
outside ($wanif). A Cisco PIX is doing NAT. IP's on the $wanif side
that are inside the PIX are considered as
You're going to have to turn off 'modulate tcp'. One of the TCP
endpoints isn't following PAWs and stopped sending the TCP
Timestamps or someone is trying to blind hijack the connection.
More info - I ran a test scenario.
Here is a sample of the messages I get via syslog with set debug loud
It's a stab in the dark but I would start with the assumption that some
sites are using server load balancing and that reassemble tcp is
breaking this somehow.
Could be. Lets suspect poor load balancing because other big sites,
which most likely do load balancing too, work. eBay is just the
What is 'modulate tcp'?
modulate state works fine.
I get these errors only with scrub's reassemble tcp option
I originally assumed it was an Apple problem since I only had trouble
with the OS X Software Update feature.
Going back to the beginning of this thread - Walter Haidinger appears to
Hi!
I'm running OpenBSD 3.9 GENERIC as a NAT router.
If I add the reassemble tcp option to my scrub rule in pf.conf,
I have trouble connecting to some sites, particulary ebay (ebay.de,
ebay.at and ebay.com as well as e.g. kaufen.ebay.de) and
some other few sites, from a machine behind the NAT
Walter Haidinger([EMAIL PROTECTED]) on 2006.07.19 12:28:52 +:
Hi!
I'm running OpenBSD 3.9 GENERIC as a NAT router.
If I add the reassemble tcp option to my scrub rule in pf.conf,
I have trouble connecting to some sites, particulary ebay (ebay.de,
ebay.at and ebay.com as well as e.g.
On Wed, 19 Jul 2006, Sebastian Benoit wrote:
This sounds like a MTU problem. Either those sites are blocking
Unlikely. I have cable, not a PPTP/PPPoE link. Therefore, no packet
encapsulation. I'm aware of the MTU issue with ADSL.
ICMP-frag-needed messages or you are.
I think I am. _Only_
Unfortunately I cannot determine why only some sites have troubles
and that's why I seeking advice here on howto further diagnose
the problem.
Any hints are appreciated!
It's a stab in the dark but I would start with the assumption that some
sites are using server load balancing and that
Hi Walter,
I've seen this behavior also. When I 'set debug loud' I got more
information recorded via syslog.
Some stuff about RFC1323 and bad-timestamp errors.
Below is a section of a pf.conf file. It would be interesting to know if
you get similar results with
set debug loud when trying to
More info - I ran a test scenario.
Here is a sample of the messages I get via syslog with set debug loud
and scrub with reassemble tcp trying to run OS X's Software Update.
Jul 19 19:42:37 obsd38 /bsd: pf_normalize_tcp_stateful: Did not receive
expected RFC1323 timestamp
Jul 19 19:42:37
15 matches
Mail list logo
