Date: Thu, 25 Aug 2016 19:43:12 +1000 From: Carl Hattingh <carl.hattingh@gmail.com> To: freebsd-net@freebsd.org Subject: Re: Cannot access a couple websites Message-ID: <CAEOGyNuu4O8j%2BE7cAqhPrxcV9ks8ZbVsoS=m51S5kej%2B1YrpNA@mail.gmail.com> In-Reply-To: <58CC8163-E6AD-4657-9E34-0D0EB2135FEC@FreeBSD.org> References: <CAEOGyNubamkqoA%2BeF3hkq6RMKZ0Cbk0LCChwyjGs4D16YXdJkg@mail.gmail.com> <58CC8163-E6AD-4657-9E34-0D0EB2135FEC@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
On Thu, Aug 25, 2016 at 7:10 PM, Kristof Provost wrote: > On 24 Aug 2016, at 16:02, Carl Hattingh wrote: > >> We are experiencing a issue which has me rather stumped. We are using >> Freebsd 10.3-RELEASE-p7 under Hyper-V 2012 R2 as a firewall (pf), and are >> unable to browse to www.amazon.com and outlook.office365.com under >> certain >> circumstances. >> >> <snip> > >> >> Has anyone got any ideas on what this could be? We'd be grateful for any >> assistance. >> >> You’re going to have to make a network capture between the gateway and > the NTU device. > Ideally not from the gateway itself (because that might hide checksum > issues). > > Regards, > Kristof > Thanks for the replies. I finally managed to track down the issue, and it was scrub after all. I had "scrub all no-df reassemble tcp" and it was the "reassemble tcp" command that was causing the issue. I have now changed it to "scrub all no-df random-id". I had tested completely commenting out the scrub command earlier to no avail, but clearly wasn't thorough enough in killing states between tests.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEOGyNuu4O8j%2BE7cAqhPrxcV9ks8ZbVsoS=m51S5kej%2B1YrpNA>