From: Dick Davies
Date: Fri, 8 Apr 2005 17:41:49 +0100
To: FreeBSD Stable Users
Message-ID: <20050408164149.GG61775@eris.tenfour>
Subject: pf and http (ebay)?

I have pf running on my laptop with a config including:

    pass out on $ext_if proto { tcp, udp } all keep state

(there's a 'block in log all' and a couple of services allowed in too
further up, but that's the gist of it.)

which works well for some sites but not all. In particular, going to
'my ebay' hangs firefox with a 'waiting for include.ebaystatic.com'
message on the status bar.

pflog looks like:

    root$ tcpdump -r /var/log/pflog|grep ebay
    reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
    17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R 2025419634:2025419634(0) ack 1452466570 win 64240
    17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R 1766217212:1766217212(0) ack 1086438034 win 64240

My guess is that pf is not letting the responses back from that server
because firefox didn't request from that server?

But ipf on the gateway (which has a similar outbound keep state rule)
never had this problem - any idea what's going on, or how I can debug this?

Thanks!

-- 
'And if you think you're going to bleed all over me
you're even wronger than you normally be'
  -- The Specials, 'Little Bitch'
Rasputin :: Jack of All Trades - Master of Nuns