Date: Fri, 16 Aug 2013 14:50:58 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Alexander <axex007@yandex.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: Windows 7 + freebsd-pf + windows scale SYN-ACK problem
Message-ID: <20130816125058.GA28156@insomnia.benzedrine.cx>
In-Reply-To: <520E1822.7010505@yandex.ru>
References: <520E1822.7010505@yandex.ru>

On Fri, Aug 16, 2013 at 04:16:34PM +0400, Alexander wrote:

> Now my question is, is there any solution to stop PF block syn-ack
> packets that don't have wscale option in a connection where syn
> packet has it (in my case wscale proposed by windows 7 host is 8)

The missing wscale on the SYN-ACK is not the reason pf is blocking the
packet. This case is quite common: if the client supports (and offers)
window scaling, but the server doesn't support it. If pf would not work
in this case, more people would have noticed already ;)

So, what other reasons could there be for the reply to arrive on the
external interface but not get forwarded to the internal interface
(that's what you verified, right?)?

Check pfctl -si output before and after reproducing the problem, are
any counters increasing?

If you simply disable pf for a test, does it work?

Same with netstat -sp ip|tcp

HTH,
Daniel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130816125058.GA28156>
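
The before/after counter check suggested in the reply above, as an added example that is not part of the original e-mail. The helper names pf_counter_diff and sample_snapshot are hypothetical, and the snapshots are constructed, abridged samples in the pfctl -si layout.

```sh
#!/bin/sh
# Added example: list pf counters that grew between two saved `pfctl -si` snapshots.
# On the firewall: pfctl -si > before; reproduce the problem; pfctl -si > after.
# pf_counter_diff and sample_snapshot are hypothetical helper names.

pf_counter_diff() {   # $1 = snapshot taken before, $2 = snapshot taken after
    awk '
        # Unindented lines ("State Table ... Total Rate", "Counters") name a section.
        /^[^ \t]/ { section = $0; sub(/[ \t]+Total.*$/, "", section); next }
        # Indented lines: counter name (may contain spaces), total, optional rate.
        /^[ \t]+[A-Za-z]/ {
            name = ""
            for (i = 1; i <= NF && $i !~ /^[0-9]+$/; i++)
                name = (name == "" ? $i : name " " $i)
            if (i > NF) next                      # no numeric total on this line
            key = section "/" name
            if (FILENAME == ARGV[1]) { before[key] = $i; next }
            if ((key in before) && $i + 0 > before[key] + 0)
                printf "%s +%d (%s -> %s)\n", key, $i - before[key], before[key], $i
        }
    ' "$1" "$2"
}

# Constructed sample in the pfctl -si layout, abridged.
# $1 = state-table searches, $2 = state-mismatch counter.
sample_snapshot() {
    cat <<EOF
Status: Enabled for 0 days 01:02:03           Debug: Urgent

State Table                          Total             Rate
  current entries                       12
  searches                           $1           11.2/s
  inserts                              310            0.1/s
Counters
  match                                402            0.1/s
  normalize                              0            0.0/s
  state-mismatch                         $2            0.0/s
EOF
}

# Demo on constructed data: only the counters that moved are printed.
tmp=$(mktemp -d)
sample_snapshot 41000 0 > "$tmp/before"
sample_snapshot 41950 7 > "$tmp/after"
pf_counter_diff "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

The same function works on two saved netstat -sp tcp outputs only if they are first reshaped into the indented "name total" layout; as written it parses pfctl -si output.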