Date: Tue, 15 Jan 2008 15:44:02 +0200
From: Volodymyr Kostyrko <c.kworr@gmail.com>
To: freebsd-pf@freebsd.org
Subject: rfc1323 and scrub: window scaling
Message-ID: <fmidb2$ns1$1@ger.gmane.org>

It seems that I have failed to properly configure my machine to allow window scaling. Whenever another host connects to my machine with window scaling enabled, my host stops responding to its requests after a certain number of seconds. However, if I forcefully turn off rfc1323 support on my machine or "that other machine", everything works just fine.

Also, with rfc1323 on, my config produces two states per connection, one for each direction of packets - in and out. With rfc1323 off, only one state is produced.

Here is my config:

set timeout { adaptive.start 8000, adaptive.end 12000 }
set ruleset-optimization basic
set block-policy return
set skip on lo0

scrub all fragment reassemble reassemble tcp random-id

outside="xl0"

table <sshguard> persist

block log all
pass quick proto {icmp,icmp6} all keep state
block quick proto tcp from <sshguard> to any port 22

# $outside
pass out on $outside from ($outside) to any
pass out on $outside proto tcp from ($outside) to any modulate state
pass in on $outside proto udp from any to {($outside),($outside:broadcast)} port {0:1023,12039,13616,20397}
pass in on $outside proto tcp from any to {($outside),($outside:broadcast)} port {0:1023,2049,6881:6882,12039,20393} modulate state

-- 
Sphinx of black quartz judge my vow.