Date: Fri, 8 Apr 2005 19:15:39 +0200
From: Max Laier <max@love2party.net>
To: freebsd-stable@freebsd.org, Dick Davies <rasputnik@hellooperator.net>
Subject: Re: pf and http (ebay)?
Message-ID: <200504081915.46824.max@love2party.net>
In-Reply-To: <20050408164149.GG61775@eris.tenfour>
References: <20050408164149.GG61775@eris.tenfour>

On Friday 08 April 2005 18:41, Dick Davies wrote:
> I have pf running on my laptop with a config including:
>
> pass out on $ext_if proto { tcp, udp } all keep state
>
> (there's a 'block in log all' and a couple of services allowed in too
> further up, but that's the gist of it.)
>
> which works well for some sites but not all. In particular,
> going to 'my ebay' hangs firefox with a
>
> 'waiting for include.ebaystatic.com'
>
> message on the status bar.
>
> pflog looks like:
>
> root$ tcpdump -r /var/log/pflog|grep ebay
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> 17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R
> 2025419634:2025419634(0) ack 1452466570 win 64240
> 17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R
> 1766217212:1766217212(0) ack 1086438034 win 64240
>
>
> My guess is that pf is not letting the responses back from that
> server because firefox didn't request from that server?
> But ipf on the gateway (which has a similar outbound keep state rule)
> never had this problem - any idea what's going on, or how I can debug this?
The blocked packets in your log are RSTs so it's most likely a window
violation - possibly caused by ipf on the gateway?!? Please add an "-e" to
your tcpdump to see the reason for the block. You might also want to enable
debugging (pfctl -x misc) and watch the console for "bad state" messages.
--
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
