have you run wireshark between the firewall and the system to see if it is
actually entering the LAN traffic and might just be the mac screwing up?
> From: [EMAIL PROTECTED]
> To: [email protected]
> Date: Thu, 2 Oct 2008 10:53:31 -0500
> Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
>
> This is a cable modem, and it works if I directly connect to my modem.
>
> -Phil G
>
>
>
>
> On Oct 2, 2008, at 10:45 AM, "Ermal Luçi" <[EMAIL PROTECTED]> wrote:
>
> > Open /etc/inc/filter.inc and search for pppoeclient:
> > after 4 line of that enter this
> > set iface enable tcpmssfix
> >
> > and retry connecting the pppoe and see if that fixes the problem.
> > I was having the same problems with mail.yahoo/hotmail/msn messenger
> > and some other sites on one installation and that fixed it.
> > I think its worth a try.
> >
> > Other than that it might be a timestamp handling issue on the client
> > stack that is failing to open the site.
> >
> > On Thu, Oct 2, 2008 at 6:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> >> i know, i just want to check out the new wrx's and sti!!
> >>
> >> tried messing with the mtu without any luck.
> >>
> >> ok, here is tcpdump running on my pfsense firewall(unixbox.gnet).
> >> you can
> >> see my request to subaru.com and then the reply comes to the
> >> firewall but
> >> never get's passed to my computer. what's weird is the reset.
> >>
> >> 23:30:04.664256 IP UNIXBOX.gnet.49796 > subaru.com.http: S
> >> 1787975612:1787975612(0) win 65535 <mss 1460,nop,wscale
> >> 0,nop,nop,timestamp
> >> 2090781090 0,sackOK,eol>
> >> 23:30:04.710299 IP subaru.com.http > UNIXBOX.gnet.49796: S
> >> 2731372884:2731372884(0) ack 1787975613 win 4380 <mss 1460,nop,wscale
> >> 0,nop,nop,timestamp 311872670 2090781090,sackOK,eol>
> >> 23:30:05.321055 IP 12.120.5.14.http > UNIXBOX.gnet.49740: R
> >> 2533320030:2533320030(0) ack 10685623 win 0
> >> 23:30:07.420107 IP UNIXBOX.gnet.49796 > subaru.com.http: S
> >> 1787975612:1787975612(0) win 65535 <mss 1460,nop,wscale
> >> 0,nop,nop,timestamp
> >> 2090781095 0,sackOK,eol>
> >>
> >>
> >>
> >> so in search of what the ip of the reset flag is i pointed my
> >> browser to it.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> so they are behind some type of load balancer but wtf??
> >>
> >>
> >>
> >>
> >> On Oct 1, 2008, at 11:30 PM, Bill Marquette wrote:
> >>
> >>> On Wed, Oct 1, 2008 at 11:12 PM, Chris Buechler
> >>> <[EMAIL PROTECTED]>
> >>> wrote:
> >>>>
> >>>> On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>> yep, i looked at it using tcpdump. i just see syn packets going
> >>>>> out the
> >>>>> door, i never get any syn-acks back.
> >>>>>
> >>>>> 22:50:47.417326 IP unixbox.gnet.49330 > subaru.com.http: S
> >>>>> 3917131801:3917131801(0) win 65535 <mss 1460,nop,wscale
> >>>>> 0,nop,nop,timestamp
> >>>>> 2090776378 0,sackOK,eol>
> >>>>>
> >>>>
> >>>> Have you tried lowering MTU on your WAN, or just on the problem
> >>>> machine? Doing it on the WAN will MSS clamp everything, so if
> >>>> this is
> >>>> limited to one machine I wouldn't do that. With the 1460 MSS that
> >>>> shows and likely 1500 MTU end to end, that should not be a problem.
> >>>> It's worth a shot though.
> >>>
> >>> Wouldn't explain no syn/ack's coming back. This would seem more
> >>> like
> >>> an upstream routing (or firewalling) issue to me. That, or a
> >>> conspiracy against BSD Wiz and his desire to look at new cars.
> >>>
> >>> --Bill
> >>>
> >>> ---
> >>> ------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >
> >
> >
> > --
> > Ermal
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
