Windows 7 + freebsd-pf + windows scale SYN-ACK problem
Daniel Hartmeier
daniel at benzedrine.cx
Fri Aug 16 12:51:08 UTC 2013
On Fri, Aug 16, 2013 at 04:16:34PM +0400, Alexander wrote:
> Now my question is, is there any solution to stop PF block syn-ack
> packets that don't have wscale option in a connection where syn
> packet has it (in my case wscale proposed by windows 7 host is 8)
The missing wscale on the SYN-ACK is not the reason pf is blocking the
packet. This case is quite common: if the client supports (and offers)
window scaling, but the server doesn't support it. If pf would not work
in this case, more people would have noticed already ;)
So, what other reasons could there be for the reply to arrive on the
external interface but not get forwarded to the internal interface
(that's what you verified, right?)?
Check pfctl -si output before and after reproducting the problem,
are any counters increasing? If you simply disable pf for a test,
does it work?
Same with netstat -sp ip|tcp
HTH,
Daniel
More information about the freebsd-pf
mailing list