Clients receive only first 4k (issue with pf.conf) -- ignore others
Scott Stevenson
scott at maxify.com
Mon May 30 11:11:28 PDT 2005
(First, I apologize if there are duplicates sent to the list, but
that's related to the question.)
I originally asked about this back in February:
<http://monkey.org/freebsd/archive/freebsd-questions/200502/msg03071.html>
Then just posted again recently with more details:
<http://monkey.org/freebsd/archive/freebsd-questions/200505/msg00846.html>
Essentially, certain web clients only receive the first 4096 bytes of
the file they request, then a garbage byte, then nothing. I *finally*
figured out that pf was responsible. Specifically, this line in pf.conf:
pass out on $ext_if proto { tcp, udp } all keep state
Everything's fine with Apache if I change it to this:
pass out on $ext_if proto { tcp, udp } all
The problem is that if I use the version without "keep state," the
machine can't send outbound mail, and I see messages like this in
maillog:
May 30 09:14:33 vertigo qmail: 1117469673.126013 delivery
639634: deferral
Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
In fact, I tried to send this message to the list twice yesterday,
but realized that mail packets were being filtered out. I looked at
pflog0 while mail was being sent, but I wasn't able to find the
bounced packets. Here's the relevant smtp line:
pass in quick on $ext_if proto { tcp, udp } from any to any port 25
I'm much more familiar with the firewalls bundled with various linux
distributions, so I'm really stumped. I've read through various
sections of the PF faq, but I haven't found an answer to this.
Thanks,
- Scott
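
The behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model of pf's state lookup and last-match rule evaluation, run over the two rules quoted in the message. It assumes a default "block all" rule ahead of them (the full pf.conf is not shown), and the addresses and ports are constructed sample values.

```python
# Simplified model of pf rule evaluation (added illustration, not pf itself).
# Assumptions: a default "block all" precedes the two rules; sample addresses are constructed.
from collections import namedtuple

Pkt = namedtuple("Pkt", "dir src sport dst dport flags")
Rule = namedtuple("Rule", "action dir dport quick keep_state")

def ruleset(out_keeps_state):
    return [
        Rule("block", None, None, False, False),            # assumed default deny
        Rule("pass", "in", 25, True, False),                # pass in quick ... port 25
        Rule("pass", "out", None, False, out_keeps_state),  # pass out ... [keep state]
    ]

def key(p):
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])  # same key both directions

def run(rules, packets):
    """Return (verdict per packet, {state key: flags of packet that created it})."""
    states, verdicts = {}, []
    for p in packets:
        if key(p) in states:                 # state lookup happens before rules
            verdicts.append("pass")
            continue
        winner = None
        for r in rules:                      # last matching rule wins...
            if r.dir in (None, p.dir) and r.dport in (None, p.dport):
                winner = r
                if r.quick:                  # ...unless a 'quick' rule matches
                    break
        verdicts.append(winner.action)
        if winner.action == "pass" and winner.keep_state:
            states[key(p)] = p.flags
    return verdicts, states

HOST, PEER = "192.0.2.10", "198.51.100.7"    # constructed addresses
# qmail connecting out to a remote MTA: SYN, SYN-ACK, ACK
smtp_out = [Pkt("out", HOST, 40000, PEER, 25, "S"),
            Pkt("in", PEER, 25, HOST, 40000, "SA"),
            Pkt("out", HOST, 40000, PEER, 25, "A")]
# a remote MTA connecting in to port 25: SYN, SYN-ACK, ACK
smtp_in = [Pkt("in", PEER, 50000, HOST, 25, "S"),
           Pkt("out", HOST, 25, PEER, 50000, "SA"),
           Pkt("in", PEER, 50000, HOST, 25, "A")]

if __name__ == "__main__":
    for keep in (True, False):
        for name, pkts in (("outbound SMTP", smtp_out), ("inbound SMTP", smtp_in)):
            print(f"keep state={keep} {name}:", run(ruleset(keep), pkts))
```

Without "keep state", the SYN-ACK returning to qmail's ephemeral port matches only the assumed block rule. With it, the state for an inbound connection is created by the server's own SYN-ACK, and the pf documentation cautions that state created from anything other than the initial SYN lacks the connection's window scaling factor, which can stall the connection.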