From owner-freebsd-stable@FreeBSD.ORG  Fri Mar 14 20:48:14 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7EC041065677
	for <stable@freebsd.org>; Fri, 14 Mar 2008 20:48:14 +0000 (UTC)
	(envelope-from mr.vladis@gmail.com)
Received: from rn-out-0910.google.com (rn-out-0910.google.com [64.233.170.184])
	by mx1.freebsd.org (Postfix) with ESMTP id 345D68FC19
	for <stable@freebsd.org>; Fri, 14 Mar 2008 20:48:14 +0000 (UTC)
	(envelope-from mr.vladis@gmail.com)
Received: by rn-out-0910.google.com with SMTP id e11so2898913rng.7
	for <stable@freebsd.org>; Fri, 14 Mar 2008 13:48:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	bh=CEeWjJ2VGB3+ehX5iHWZickbsUF0BV4EuhCwYm94XcA=;
	b=bhM9EiFwZcImeeKGBmGWYPFDRN3WlODo40EbUGYcnOdnP0jpVhe9ceHQvdWH2wiH0LrKvB0RntGFzGPrUXq4sfh/zWtJ1lQ9w0gtTmBYGmfr8YE/OfVfXZ9cxFyDqvoJ0G5vca5orNB4W0wbFFzlsQIonCBuGtc0wh/yF3EaqAQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=esw8QRV878XWSpYQ/eotz/KhVvIDzzC+/TqGAZ7rWcZojUsz4zTlvY+qIYYl1kuKtaX3smVD+tJTdIHvxw+1tVDeCQt14Shvn6HoVbzh+o8JyFIAgNdRmWH1rbki8wQ6D5lv7LseFHHFULoO7BZMymJmoIRl6TCYdpg9N8BmOZQ=
Received: by 10.150.203.8 with SMTP id a8mr6577505ybg.146.1205527693173;
	Fri, 14 Mar 2008 13:48:13 -0700 (PDT)
Received: by 10.150.206.3 with HTTP; Fri, 14 Mar 2008 13:48:13 -0700 (PDT)
Message-ID: <fedd0b9d0803141348i55eae4fenc9e4dddbebd4771b@mail.gmail.com>
Date: Fri, 14 Mar 2008 22:48:13 +0200
From: "=?KOI8-R?B?98zBxMnTzMHXIO7FxM/TxcvJzg==?=" <mr.vladis@gmail.com>
To: "Mike Tancsa" <mike@sentex.net>
In-Reply-To: <200803051631.m25GVBIU002198@lava.sentex.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <fedd0b9d0803050049t7849a199y339f707033bb4aec@mail.gmail.com>
	<200803051631.m25GVBIU002198@lava.sentex.ca>
Cc: stable@freebsd.org
Subject: Re: Could Not open some sites from Windows Vista and Server 2008
	when using FreeBSD as gw
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2008 20:48:14 -0000

Hi,
I have found what lines in pf.conf are bloking acess.
When I disable this lines
pass out on $int_if tagged Q1 keep state queue q1_in
pass out on $int_if tagged Q2 keep state queue q2_in
pass out on $int_if tagged Q3 keep state queue q3_in
pass out on $int_if tagged Q4 keep state queue q4_in

It goes very well

May be some one could explain this situation.

With best regards
Vladislav


2008/3/5, Mike Tancsa <mike@sentex.net>:
> At 03:49 AM 3/5/2008, =?KOI8-R?B?98zBxMnTzMHXIO7FxM/TxcvJzg==?= wrote:
>  >We are using FreeBSD as GateWay with PF.
>  >And the problem is that some web-sites as Gmail.com or Msn.com are
>  >unavailable from machines with Vista or Server 2008 installed.
>  >If use external or internal proxy (Kerio WinRoute, wich also goes through
>  >the same FreeBSD gw) they are opening correctly.
>  >Also in 6.1 version were problems with skype from such machines.
>
>
> Its hard to say without seeing your pf rules.  But I seem to recall
>  issues with Vista where pf rules did not have keep state enabled.
>
>
>          ---Mike
>
>