From: Dick Davies
To: Max Laier
Cc: FreeBSD Stable Users
Date: Fri, 22 Apr 2005 11:16:57 +0100
Subject: Re: pf and http (ebay)?
Message-ID: <20050422101656.GM73687@eris.tenfour>
In-Reply-To: <200504081915.46824.max@love2party.net>

* Max Laier [0415 18:15]:
> On Friday 08 April 2005 18:41, Dick Davies wrote:
> >
> > 'waiting for include.ebaystatic.com'
> >
> > message on the status bar.
> >
> > pflog looks like:
> >
> > root$ tcpdump -r /var/log/pflog|grep ebay
> > reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> > 17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R
> > 2025419634:2025419634(0) ack 1452466570 win 64240
> > 17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R
> > 1766217212:1766217212(0) ack 1086438034 win 64240
> >
> > My guess is that pf is not letting the responses back from that
> > server because firefox didn't request from that server?
> > But ipf on the gateway (which has a similar outbound keep state rule)
> > never had this problem - any idea what's going on, or how I can debug this?
>
> The blocked packets in your log are RSTs so it's most likely a window
> violation - possibly caused by ipf on the gateway?!? Please add an "-e" to
> your tcpdump to see the reason for the block. You might also want to enable
> debugging (pfctl -x misc) and watch the console for "bad state" messages.

Thanks for the sanity check - it definitely looks like some kind of ipf conflict,
I'm using an almost identical pf.conf on another 5.4rc with no problems.

-- 
'In the beginning the Universe was created. This has made a lot
of people very angry and been widely regarded as a bad move.'
		-- The Guide
Rasputin :: Jack of All Trades - Master of Nuns
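
Added example, not part of the original message: a small Python filter for the output of `tcpdump -e -r /var/log/pflog`, the step suggested in the quoted reply, listing each blocked RST with the rule, interface and reason that pf recorded. The sample lines are constructed; the rule numbers, the interface name `em0` and the pass record are assumptions, as is the `rule N/code(reason): action dir on ifname:` header layout that tcpdump prints for pflog records.

```python
import re
from collections import Counter

# Per-record header printed by `tcpdump -e` on a pflog capture (assumed layout):
#   <time> rule <nr>/<code>(<reason>): <action> <dir> on <ifname>: <packet>
HEADER = re.compile(
    r"^(?P<time>\S+) rule (?P<rule>[^/\s]+)/(?P<code>\d+)\((?P<reason>[\w-]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): (?P<packet>.*)$"
)
# TCP flags: old style "host.port: R 1:1(0)" or newer "host.port: Flags [R.],"
FLAGS = re.compile(r": (?:Flags \[(?P<new>[^\]]+)\]|(?P<old>[SFPRWE.]+) )")
ENDPOINTS = re.compile(r"(?P<src>\S+) > (?P<dst>\S+):(?:\s|$)")

# Constructed sample: packet text follows the log in the message above;
# rule numbers, "em0" and the pass record are assumptions for illustration.
SAMPLE = """\
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
17:29:50.100000 rule 1/0(match): pass out on em0: IP laptop.ip.60674 > my.intl.ebay.com.http: S 1452466569:1452466569(0) win 65535
17:29:56.885697 rule 0/0(match): block in on em0: IP my.intl.ebay.com.http > laptop.ip.60674: R 2025419634:2025419634(0) ack 1452466570 win 64240
17:30:07.917906 rule 0/0(match): block in on em0: IP search.ebay.co.uk.http > laptop.ip.52293: R 1766217212:1766217212(0) ack 1086438034 win 64240
""".splitlines()

def parse(line):
    """Parse one output line; return a dict, or None for non-record lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    flags = FLAGS.search(rec["packet"])
    rec["flags"] = (flags.group("new") or flags.group("old")) if flags else ""
    ends = ENDPOINTS.search(rec["packet"])
    rec["src"], rec["dst"] = (ends.group("src"), ends.group("dst")) if ends else ("", "")
    return rec

def blocked_rsts(lines):
    """Blocked TCP RSTs as (reason, rule, ifname, src, dst) tuples."""
    recs = filter(None, map(parse, lines))
    return [(r["reason"], r["rule"], r["ifname"], r["src"], r["dst"])
            for r in recs if r["action"] == "block" and "R" in r["flags"]]

def reason_counts(lines):
    """Count records per (action, reason); 'match' means an explicit rule decided."""
    return Counter((r["action"], r["reason"]) for r in filter(None, map(parse, lines)))

if __name__ == "__main__":
    for row in blocked_rsts(SAMPLE):
        print(*row)
    print(dict(reason_counts(SAMPLE)))
```

A reason of `match` on the blocked RSTs means a block rule caught them rather than an existing state entry, which is the case the `pfctl -x misc` console messages help explain.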