From: WAYNE KING
To: freebsd-pf@freebsd.org
Date: Tue, 20 Mar 2007 13:42:24 -0400
Message-ID: <2a1c4c62a19f27.2a19f272a1c4c6@osu.edu>
Subject: problem with linux kernel 2.16.18.2 and packet filter

Hello list,

My subnet at Ohio State is running a BSD firewall with packet filter. It works great, but I just encountered a weird problem with the Linux 2.16.18.2 kernel and packet filter.
When the firewall was on I could do absolutely nothing via the web; every page would hang. As soon as I turned the firewall off, all connections worked fine. Apparently this is a known bug? and changing the tcp_window_scaling setting in the kernel to 0 fixes it.

Anyway I was hoping that someone could explain to me why that setting might cause a problem with packet filter. It irritated me for weeks. By the way I'm using OpenSuse 10.2 -- never had it up to and including Suse 10.1. I'm not sure if this is a problem in general with that kernel or with some distro particular. I'm running Fedora Core 6 on another computer and that works fine. I just discovered this fix so I haven't checked what kernel that has installed (Fedora Core 6) or what the tcp_window_scaling is by default.

The following command fixed it on my computer (openSuse 10.2):

    echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

Any quick insights just for my own education?

Thanks so much,
Wayne King