On Thu, Jan 16, 2014 at 8:26 PM, Stuart Henderson <s...@spacehopper.org> wrote:
> Posting the firewall ruleset may possibly help people diagnose this in more
> detail.

Here's some pertinent pf.conf info:

===================================
set skip on { lo enc0 }
set block-policy drop
set reassemble yes no-df
set limit { table-entries 500000, tables 50, states 128000, src-nodes 3000, frags 4000 }
set loginterface none

block all
pass in quick on $ext_if inet proto tcp from any to $ext_if port ssh
===================================

Originally I had the "pass in quick" before the "block all" but changed this around to test the theory.

Yes, the rdr for rsync and rdp are not shown but the same problem randomly occurs (and just did) with a direct ssh to the box itself (no forwarding or nat needed). And to other OpenBSD firewall/routers I manage there are no issues, either with a direct shell in or with redirects to inside boxes (but they are not as up-to-date as the one that fails).

Chris