From owner-freebsd-net@FreeBSD.ORG Fri Oct 26 06:02:50 2007
Date: Fri, 26 Oct 2007 01:02:41 -0500 (CDT)
From: Mike Silbersack
To: Anton Yuzhaninov
Cc: freebsd-net@freebsd.org
In-Reply-To: <4721144A.5000407@citrin.ru>
Message-ID: <20071026010019.N33339@odysseus.silby.com>
Subject: Re: RELENG_7: can't connect to Solaris

On Fri, 26 Oct 2007, Anton Yuzhaninov wrote:

> Yes problem was in firewall, not Solaris/FreeBSD tcp stacks.
>
> On Solaris was used ipfilter 3.4.18, and after 3.4.18 was fixed several bugs,
> which can cause such problems.
> Probably this:
>
> 4.1.17 - Released 20 January 2007
> ....
> fix tracking TCP window scaling in the state code

Thanks for tracking this down, now we know of at least two firewalls that are broken in this regard. (The other one is Rui Paulo's D-Link router, I don't recall which model.)

The code I just merged from HEAD to RELENG_7 should reduce the default scale value to 3, that should allow things to work even through firewalls that do not interpret the scaling value properly.

-Mike
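
An added illustration, not code from FreeBSD, ipfilter or this message: a minimal model of a stateful firewall that, by assumption, uses the 16-bit TCP window field unshifted, comparing how much in-flight data it accepts at different shift counts. The function names, the 65536-byte window, the 1460-byte MSS and the comparison shift of 8 are constructed; only the shift of 3 comes from the message above.

```c
#include <stdint.h>
#include <stdio.h>

/* Raw 16-bit window field a receiver places in the TCP header for a given
 * real receive window and negotiated shift count (RFC 1323 window scaling). */
static uint16_t advertised_field(uint32_t real_window, unsigned wscale)
{
    uint32_t raw = real_window >> wscale;
    return raw > 0xFFFF ? 0xFFFF : (uint16_t)raw;
}

/* Bytes beyond the last ACK that a state tracker treats as in-window.
 * honors_wscale == 0 models the assumed defect: the field is used as-is. */
static uint32_t tracker_window(uint16_t field, unsigned wscale, int honors_wscale)
{
    return honors_wscale ? (uint32_t)field << wscale : (uint32_t)field;
}

/* Full-MSS segments in flight that the tracker would let through. */
static uint32_t segments_passed(uint32_t real_window, unsigned wscale,
                                uint32_t mss, int honors_wscale)
{
    uint16_t field = advertised_field(real_window, wscale);
    return tracker_window(field, wscale, honors_wscale) / mss;
}

int main(void)
{
    const uint32_t win = 65536, mss = 1460;  /* constructed sample values */
    const unsigned scales[] = { 3, 8 };      /* 3 is from the post; 8 is a sample */

    for (size_t i = 0; i < sizeof(scales) / sizeof(scales[0]); i++) {
        unsigned s = scales[i];
        printf("wscale=%u field=%u  scale-aware tracker: %u segs  "
               "scale-blind tracker: %u segs\n",
               s, (unsigned)advertised_field(win, s),
               (unsigned)segments_passed(win, s, mss, 1),
               (unsigned)segments_passed(win, s, mss, 0));
    }
    return 0;
}
```

Under this model a scale-blind tracker still admits a few segments per round trip at shift 3, while at the larger sample shift the window it computes is smaller than one segment.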