Date: Fri, 22 Apr 2005 11:16:57 +0100 From: Dick Davies <rasputnik@hellooperator.net> To: Max Laier <max@love2party.net> Cc: FreeBSD Stable Users <freebsd-stable@freebsd.org> Subject: Re: pf and http (ebay)? Message-ID: <20050422101656.GM73687@eris.tenfour> In-Reply-To: <200504081915.46824.max@love2party.net> References: <20050408164149.GG61775@eris.tenfour> <200504081915.46824.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
* Max Laier <max@love2party.net> [0415 18:15]: > On Friday 08 April 2005 18:41, Dick Davies wrote: > > > > 'waiting for include.ebaystatic.com' > > > > message on the status bar. > > > > pflog looks like: > > > > root$ tcpdump -r /var/log/pflog|grep ebay > > reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file) > > 17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R > > 2025419634:2025419634(0) ack 1452466570 win 64240 > > 17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R > > 1766217212:1766217212(0) ack 1086438034 win 64240 > > My guess is that pf is not letting the responses back from that > > server because firefox didn't request from that server? > > But ipf on the gateway (which has a similar outbound keep state rule) > > never had this problem - any idea what's going on, or how I can debug this? > The blocked packets in your log are RSTs so it's most likely a window > violation - possibly caused by ipf on the gateway?!? Please add an "-e" to > your tcpdump to see the reason for the block. You might also want to enable > debugging (pfctl -x misc) and watch the console for "bad state" messages. Thanks for the sanity check - it definitely looks like some kind of ipf conflict, I'm using an almost identical pf.conf on another 5.4rc with no problems. -- 'In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move.' -- The Guide Rasputin :: Jack of All Trades - Master of Nuns
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050422101656.GM73687>