Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-02 Thread Stuart Henderson
On 2021-06-02, Cameron Simpson wrote: > On 01Jun2021 20:43, Stuart Henderson wrote: >>On 2021-06-01, Cameron Simpson wrote: >>> If I had TCP keep alive turned on, both ends might tidy themselves up. >>> I can't enable that on the clients (various mail readers) or, >>> apparently, on the server c

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Cameron Simpson
On 01Jun2021 20:43, Stuart Henderson wrote: >On 2021-06-01, Cameron Simpson wrote: >> If I had TCP keep alive turned on, both ends might tidy themselves up. >> I can't enable that on the clients (various mail readers) or, >> apparently, on the server configuration. I can't do it in PF because PF

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Cameron Simpson
On 01Jun2021 11:04, Claudio Jeker wrote: >Make sure you use 'block return' at least for the imap connections. I already do: set block-policy return [... and the first rule ...] # reject everything except as detailed below block return log >This >way when the state is dropped th

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Cameron Simpson
On 01Jun2021 08:53, Dirk Coetzee wrote: >As a first guess, I would consider changing / implementing "set >optimization". This made a massive difference on our customer's satellite >internet connection. The customer has a terrestrial ISP connection. I've got satellite at home, and do indeed use th

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Stuart Henderson
On 2021-06-01, Cameron Simpson wrote: > If I had TCP keep alive turned on, both ends might tidy themselves up. > I can't enable that on the clients (various mail readers) or, > apparently, on the server configuration. I can't do it in PF because PF > just copies packets. I can't seem to do it

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Claudio Jeker
On Tue, Jun 01, 2021 at 10:25:38AM +1000, Cameron Simpson wrote: > Can I enforce or implement TCP keep alives on a TCP stream via my > firewall? > > Background: > > I've got a client with an OpenBSD firewall and a Telstra NBN modem as > their modem. > > Their IMAP server is upstream in the clo

Re: pf, relayd, TCP keep alive and NAT, oh my!

2021-06-01 Thread Dirk Coetzee
t value is normal. -Original Message- From: owner-m...@openbsd.org On Behalf Of Cameron Simpson Sent: Tuesday, 1 June 2021 8:26 AM To: misc@openbsd.org Subject: pf, relayd, TCP keep alive and NAT, oh my! Can I enforce or implement TCP keep alives on a TCP stream via my firewall? Background:

pf, relayd, TCP keep alive and NAT, oh my!

2021-05-31 Thread Cameron Simpson
Can I enforce or implement TCP keep alives on a TCP stream via my firewall? Background: I've got a client with an OpenBSD firewall and a Telstra NBN modem as their modem. Their IMAP server is upstream in the cloud (Ubuntu, courier imap). I have this odd problem which I am beginning to suspec