Hello again,
Is there a possibility to tell pf.conf to accept malformed packets?
pfctl -x loud tells me:
Aug 24 09:50:43 gw-bonn /bsd: pf_normalize_tcp_stateful: Did not receive
expected RFC1323 timestamp
and the packet is
09:50:43.291716 160.44.70.4.www > 192.168.100.1.49653: F 105:105(0) ack
498 win 64091 <nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop> (DF)
Yeah, I see the packet is awful and someone has to be kicked in the a?#.
But I would prefer to let the packet through.
I searched the web and read something about scrub and found out that my rule
scrub all reassemble tcp
drops these packets because it tries to modulate the timestamp according
to RFC1323 (but as one can see, this packet has no timestamp).
Some trials with scrub did not work and led to more problems.
I tried to use no scrub rules and I tried
scrub in all
scrub out all
(both also with no-df set)
but none of them worked for me. A lot more websites didn't show up.
(BTW, I use squid on another box, maybe there is some other problem)
Now I have put back the Cisco-Crap and start to install a Linux with
iptables if none of you have an idea how I could use scrub to solve my
problem *sigh*
Guido Tschakert
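
Added example, not part of the original message and not pf's code: a simplified Python check over old-style tcpdump text output that flags segments arriving without a timestamp option on a flow direction that carried one earlier, which is the condition the pf log line above reports. The function name and all sample lines except the quoted FIN packet (joined onto one line here) are constructed for illustration.

```python
import re

# Old-style tcpdump text output: "time src > dst: flags ... <options> ..."
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"[^<]*(?:<(?P<opts>[^>]*)>)?"
)

def find_missing_timestamps(lines):
    """Flag segments without a timestamp option on a flow direction
    that carried one earlier (simplified approximation, not pf's logic)."""
    seen_ts = set()   # (src, dst) directions that have sent a timestamp
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        flow = (m["src"], m["dst"])
        opts = [o.strip() for o in (m["opts"] or "").split(",") if o.strip()]
        if any(o.startswith("timestamp") for o in opts):
            seen_ts.add(flow)
        elif flow in seen_ts:
            findings.append({
                "time": m["time"],
                "flow": flow,
                "flags": m["flags"],
                # Options present but all NOP padding: check whether a
                # device on the path rewrites TCP options.
                "only_nops": bool(opts) and all(o == "nop" for o in opts),
            })
    return findings

# Constructed capture; only the last server line is the packet from the post.
SAMPLE = [
    "09:50:43.100000 160.44.70.4.www > 192.168.100.1.49653: S 1:1(0) ack 1 "
    "win 64240 <mss 1460,nop,nop,timestamp 100 50>",
    "09:50:43.200000 160.44.70.4.www > 192.168.100.1.49653: P 1:105(104) "
    "ack 498 win 64091 <nop,nop,timestamp 101 51> (DF)",
    "09:50:43.250000 10.0.0.5.1234 > 10.0.0.9.www: . ack 1 win 65535",
    "09:50:43.291716 160.44.70.4.www > 192.168.100.1.49653: F 105:105(0) "
    "ack 498 win 64091 "
    "<nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop> (DF)",
]

if __name__ == "__main__":
    for finding in find_missing_timestamps(SAMPLE):
        print(finding)
```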