Date:      Fri, 28 Jul 2006 21:30:31 +0200
From:      Stefan Bethke <stb@lassitu.de>
To:        Garance A Drosihn <drosih@rpi.edu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Weird problems with 'pf' (on both 5.x and 6.x)
Message-ID:  <E2B3FC55-4FD7-406C-A245-837B23DC7408@lassitu.de>
In-Reply-To: <p0623092ac0ef1e9c5970@[128.113.24.47]>
References:  <p06230928c0ef06a3bafe@[128.113.24.47]> <p06230929c0ef1457f11c@[128.113.24.47]> <p0623092ac0ef1e9c5970@[128.113.24.47]>

On 28.07.2006 at 03:57, Garance A Drosihn wrote:

> It occurred to me that it might be more informative to
> see the transaction from the *freebsd* side of things,
> since that's the machine running pf!   So, here is a
> similar set of two lpq's, as seen from the print-server
> side of the connection.  It seems to be telling the
> same basic story, as far as I can tell.

It's just showing that no ACKs come back.  Can you see if anything
is showing on pflog0 with tcpdump? That output should also tell you
which rule forced the rejection.

What I do find curious is that the client keeps using port 1023  
consistently.  I was under the impression that reusing the same port  
number (thus having the same src-ip/port+dst-ip/port tuple) shouldn't  
work, because "old" packets could arrive after the original  
connection was closed; that's what the CLOSE_WAIT state in netstat is.


Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 170 346 0140




