I recently upgrade to FreeBSD 6.0 via a full reinstall and I've run into a very strange problem with PF. First of all, I'm using the same PF ruleset that I used on 5.4. I know for a fact that it works correctly there. What's happening is that when I turn on PF, I'm able to make outbound connections, but if those connections go idle for more than 30 seconds, PF starts rejecting inbound packets. Furthermore, PF _does_ show an ESTABLISHED state in it's state table. With loud debugging turned on, it's giving me "pf_normalize_tcp_stateful: Timestamp failed 1" messages.
The attached files show all of the details that I've collected about this. this.host.umn.edu (A.B.C.D) is the host that I'm having problems with. The first file shows tcpdump of 'telnet that.host.umn.edu 22' and the PF kernel messages generated by the loud debugging. The second file shows the output of `pfctl -vsa`. I'd greatly appreciate any help that anyone might have about this problem. Paul -- Paul Dokas dokas at oitsec.umn.edu ====================================================================== Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."
pkts_and_dmesg
Description: Binary data
pfctl_-vsa
Description: Binary data
_______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
