Tom Uffner wrote:
changed my scrub rule to "scrub all no-df fragment reassemble"
no effect.
if it makes difference, the nfs server runs debian stable w/ linux 2.6.18
kernel, and my client is FreeBSD 8.0-CURRENT #160: Tue Apr 8 07:49:18
EDT 2008
adding random-id as discussed in pf.conf under no-df does not help either.
it appears that somebody is seeing a FIN followed by a timeout waiting for an
ACK, because if i watch the state table i see this before the state goes away
completely:
all tcp 10.69.69.60:841 -> 10.69.69.21:2049 ESTABLISHED:FIN_WAIT_2
does this mean the server closed the connection? it can't mean my client did,
otherwise it wouldn't be trying to send, right?
is there an explanation somewhere of what all the fields in a pfctl -ss (and
pfctl -vvv -ss) mean?
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
