Date:      Mon, 23 Jul 2012 09:01:18 -0500
From:      "Jason Mattax" <jmattax@storytotell.org>
To:        "Damien Fleuriot" <ml@my.gd>
Cc:        Jason Mattax <jmattax@storytotell.org>, freebsd-pf@freebsd.org
Subject:   Re: PF suddenly malfunctioned
Message-ID:  <04e3e73987e308c73f65a95e16022573.squirrel@mail.clanspum.net>
In-Reply-To: <500D1595.4010405@my.gd>
References:  <effb611b289f2b14d345c1cd63c9828a.squirrel@mail.clanspum.net> <2B5A7CC5-0950-47E9-928F-D5909238052C@my.gd> <500CE1B2.5040303@storytotell.org> <500D1595.4010405@my.gd>

<SNIP>
On Mon, July 23, 2012 04:12, Damien Fleuriot wrote:
>
>
> On 7/23/12 7:31 AM, Jason Mattax wrote:
>>
>> based on that I could easily upgrade to 8.3, or possibly 9.0 tomorrow if
>> I have the inclination.
>>
>
> I can recommend 8.3, we're using it widely in production.
>

Thanks.

>
>>> 2/ When the problem appears. Have you tried disabling PF ? (pfctl -d)
>>> Does it help ?
>>>
>> Since I can consistently reproduce the problem with en.wikipedia.org I
>> have a good way to test. When I run pfctl -d on the firewall it looks
>> like no traffic is being forwarded, including DNS so I eventually get a
>> notice that the web page timed out because I typed the address wrong.
>> That is as opposed to the web browser saying waiting for
>> en.wikipedia.org (and if I recall correctly occasionally getting the
>> redirect to en.wikipedia.org/wiki/Main_Page.) I just tested and got
>> stuck at the waiting for en.wikipedia.org for a couple of minutes before
>> I called it good enough to report here.
>>
>
> Keep in mind that after disabling PF you don't get NAT anymore from your
> workstations through the firewall.
>
> So any test you run while PF is disabled has to be run from the PF box
> itself.
>

That's what I thought, but the firewall itself can see the outside network
just fine whether pf is running or not (I just rechecked that.)




