pf(4) + fetch(1) + http://ftp.gnu.org

RW fbsd06 at mlists.homeunix.com
Fri Jun 15 16:06:45 UTC 2007


On Thu, 14 Jun 2007 23:36:40 +0300
"Vlad GURDIGA" <gurdiga at gmail.com> wrote:

> Hello,
> 
> There is one strange thing going on with this combination. I saw this
> many times by now: when fetch(1) is trying to download something from
> http://ftp.gnu.org, it is hanging after a very small amount of data;
> sometimes on 0%. After disabling pf(4), fetch(1) is not hanging any
> more, so I guess that the problem is somewhere in my pf.conf. Here is
> ...
> pass in inet proto icmp all icmp-type $icmp_types keep state
> pass out on $ext_if proto tcp all modulate state flags S/SA

Try replacing modulate with keep. I had a similar problem and that
fixed it for me. 

I don't think that modulate gives you any benefit unless you have very
old, unpatched OSes behind the firewall.


More information about the freebsd-questions mailing list