Hello. I have an OpenBSD 3.7 box set up as a router and server for my home network. It connects to the Internet through the kernel PPPoE driver. Naturally, I use pf on that box. Everything runs smoothly, but there are certain websites that do not load properly from machines behind the NAT router.
When trying to access http://mail.yahoo.com or http://linuxhardware.org, an initial connection is made, but no further data comes in as the web browser sits and waits. However, if I open those pages in lynx from the OpenBSD box, they load without any problems. Most other websites load correctly from all machines on my network.

Searching Google, I found a similar problem posted to this list a couple years ago in which an MTU setting and fragmentation were the cause of the strange behavior (http://www.monkey.org/openbsd/archive/tech/0211/msg00163.html). The poster added "scrub out all no-df max-mss 1452" to his pf configuration and that fixed his problem.

As recommended in the pppoe(4) man page, I set the MSS for the pppoe interface to 1440. I played around with different MSS's and scrubbing out the DF bit, but my problem remains. Does anyone know what is causing this strange problem and how to fix it?

My pf.conf (without queueing rules and bloat) looks like this:

-------------------------------------------------------
ppp = "pppoe0"
table <internal> { 172.16.0.0/22 }

scrub random-id
scrub fragment reassemble
scrub reassemble tcp
scrub out on $ppp max-mss 1440

nat pass on $ppp from <internal> to !<internal> -> ($ppp)

# allow connection to ssh & apache from the outside
pass quick on $ppp proto tcp from any to ($ppp) port {22, 80}

# prevent other tcp connection attempts
block in on $ppp proto tcp from any to ($ppp) flags S/SA

# don't allow routing of packets to where they
# should not go
block in on $ppp from any to !($ppp)
block out on $ppp from !($ppp) to any
-------------------------------------------------------

Serban Giuroiu
http://javatheory.net