pf and http (ebay)?

Dick Davies rasputnik at hellooperator.net
Fri Apr 22 03:17:05 PDT 2005


* Max Laier <max at love2party.net> [0415 18:15]:
> On Friday 08 April 2005 18:41, Dick Davies wrote:
> >
> > 'waiting for include.ebaystatic.com'
> >
> > message on the status bar.
> >
> > pflog looks like:
> >
> >   root$ tcpdump -r /var/log/pflog|grep ebay
> >   reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> >   17:29:56.885697 IP my.intl.ebay.com.http > laptop.ip.60674: R
> >     2025419634:2025419634(0) ack 1452466570 win 64240
> >   17:30:07.917906 IP search.ebay.co.uk.http > laptop.ip.52293: R 
> >     1766217212:1766217212(0) ack 1086438034 win 64240

> > My guess is that pf is not letting the responses back from that
> > server because firefox didn't request from that server?
> > But ipf on the gateway (which has a similar outbound keep state rule)
> > never had this problem - any idea what's going on, or how I can debug this?
 
> The blocked packets in your log are RSTs so it's most likely a window 
> violation - possibly caused by ipf on the gateway?!?  Please add an "-e" to 
> your tcpdump to see the reason for the block.  You might also want to enable 
> debugging (pfctl -x misc) and watch the console for "bad state" messages.

Thanks for the sanity check - it definitely looks like some kind of ipf conflict;
I'm using an almost identical pf.conf on another 5.4rc with no problems.




-- 
'In the beginning the Universe was created. This has made a lot of people
very angry and been widely regarded as a bad move.'
		-- The Guide
Rasputin :: Jack of All Trades - Master of Nuns
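
Added example, not part of the thread: the "-e" flag suggested above makes tcpdump print the pf rule number, block reason, action and interface in front of each logged packet, and this Python script tallies blocked inbound RSTs by rule and reason. The sample lines, the interface em0, the addresses and the helper names parse and blocked_rst_reasons are constructed for illustration, and the prefix layout is an assumption based on tcpdump's pflog output.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -r /var/log/pflog` output (not from the
# thread). Interface em0 and the documentation-range addresses are placeholders.
SAMPLE = """\
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
17:29:56.885697 rule 0/0(match): block in on em0: IP 192.0.2.10.80 > 198.51.100.7.60674: R 2025419634:2025419634(0) ack 1452466570 win 64240
17:30:07.917906 rule 0/0(match): block in on em0: IP 192.0.2.20.80 > 198.51.100.7.52293: R 1766217212:1766217212(0) ack 1086438034 win 64240
17:30:08.100000 rule 3/0(match): pass out on em0: IP 198.51.100.7.52294 > 192.0.2.20.80: S 1086438100:1086438100(0) win 65535
17:30:09.250000 rule 3/10(state-mismatch): block in on em0: 192.0.2.20.80 > 198.51.100.7.52294: Flags [R.], seq 1, ack 2, win 64240, length 0
"""

# Assumed -e prefix: "rule <nr>/<code>(<reason>): <action> <dir> on <ifname>:"
# followed by the usual TCP summary in either old ("R 1:1(0)") or newer
# ("Flags [R.]") tcpdump style.
LINE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>[\w.]+)/(?P<code>\d+)\((?P<reason>[\w-]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?:IP6? )?(?P<src>\S+) > (?P<dst>\S+): "
    r"(?:Flags \[(?P<new>[^\]]*)\]|(?P<old>[SFRPWEU.]+)(?=\s|$))"
)

def parse(text):
    """Return one dict per pflog line that carries a rule/reason prefix."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # file header, wrapped continuation lines, non-TCP
        row = m.groupdict()
        new, old = row.pop("new"), row.pop("old")
        row["flags"] = new or old
        rows.append(row)
    return rows

def blocked_rst_reasons(text):
    """Count blocked inbound RSTs per (rule number, reason)."""
    return Counter(
        (r["rule"], r["reason"])
        for r in parse(text)
        if r["action"] == "block" and r["dir"] == "in" and "R" in r["flags"]
    )

if __name__ == "__main__":
    for (rule, reason), n in blocked_rst_reasons(SAMPLE).most_common():
        print(f"rule {rule:>3}  {reason:<15} {n} blocked RST(s)")
```

Feed it real output with `tcpdump -n -e -r /var/log/pflog` piped into a file and passed to blocked_rst_reasons; use -n so hostnames do not replace the addresses.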