Date: Wed, 5 Mar 2008 16:08:09 +0200
From: "Dennis Melentyev" <dennis.melentyev@gmail.com>
To: "Владислав Недосекин" <mr.vladis@gmail.com>
Cc: stable@freebsd.org
Subject: Re: Could Not open some sites from Windows Vista and Server 2008 when using FreeBSD as gw
Message-ID: <b84edfa10803050608i3d647fcv2ede7737dbea54c5@mail.gmail.com>
In-Reply-To: <fedd0b9d0803050429p5d1365b9x4527fe8b1019c666@mail.gmail.com>
References: <fedd0b9d0803050049t7849a199y339f707033bb4aec@mail.gmail.com>
 <b84edfa10803050244t1e26264atc65e80ef09cd3572@mail.gmail.com>
 <fedd0b9d0803050429p5d1365b9x4527fe8b1019c666@mail.gmail.com>
Hi!

Well, I'm not a PF professional, and you have a rather advanced setup. So,
someone with good PF experience is needed here.

2008/3/5, Владислав Недосекин <mr.vladis@gmail.com>:
> Hi, I understand that there are too few facts to analyze, but maybe
> someone has the same problem, and also I can provide you information.
> TCP dump 192.168.200.11 - IP of PC with Vista
> # tcpdump | grep 192.168.200.11
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ste0, link-type EN10MB (Ethernet), capture size 96 bytes
> ^C^C^C^C3 packets captured
> 433 packets received by filter
> 0 packets dropped by kernel
> # tcpdump | grep 192.168.200.111
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ste0, link-type EN10MB (Ethernet), capture size 96 bytes
...
> 13:51:47.676471 arp who-has 192.168.200.200 (00:1d:60:ce:74:e8 (oui
> Unknown)) tell 192.168.200.111

What's that?

...
> PF.CONF
> ...
> # Block Policy
> block in log all
> block in log quick from no-route to any
> block in log quick on $ext_if from <rfc1918>
> block return-icmp out log quick on $ext_if to <rfc1918>
> antispoof quick for $int_if
> antispoof quick for $ext_if
> block out from 192.168.0.146 to any

Does the log show anything interesting? I mean dropped packets.
What about SQUID's log? Some special auth? Client's insisting on HTTP/1.1?
Some glitches with transparent proxying (if I get it right from your PF
config)?

> I've tried
> sysctl net.inet.tcp.rfc1323=0
> but it doesn't help.
>
> And about ip6 it is disabled, but in enabled state it doesn't help.

Dropped by PF?

-- 
Dennis Melentyev
