Date: Fri, 8 Apr 2005 17:41:49 +0100 From: Dick Davies <rasputnik@hellooperator.net> To: FreeBSD Stable Users <freebsd-stable@freebsd.org> Subject: pf and http (ebay)? Message-ID: <20050408164149.GG61775@eris.tenfour>
next in thread | raw e-mail | index | archive | help
I have pf running on my laptop with a config including:
pass out on $ext_if proto { tcp, udp } all keep state
(there's a 'block in log all' and a couple of services allowed in too
further up, but that's the gist of it.)
which works well for some sites but not all. In particular,
going to 'my ebay' hangs firefox with a
'waiting for include.ebaystatic.com'
message on the status bar.
pflog looks like:
root$ tcpdump -r /var/log/pflog|grep ebay
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R 2025419634:2025419634(0) ack 1452466570 win 64240
17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R 1766217212:1766217212(0) ack 1086438034 win 64240
My guess is that pf is not letting the responses back from that
server because firefox didn't request from that server?
But ipf on the gateway (which has a similar outbound keep state rule)
never had this problem - any idea what's going on, or how I can debug this?
Thanks!
--
'And if you think you're going to bleed all over me
you're even wronger than you normally be'
-- The Specials, 'Little Bitch'
Rasputin :: Jack of All Trades - Master of Nuns
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050408164149.GG61775>