On 2015-11-06 12:08, Zé Loff wrote: > Since I upgraded my gateway / filter to an APU1D running 5.8-stable, > I've been getting "connection refused" every time I try to access > www.openbsd.org or ftp.openbsd.org.
(For some reason my Thunderbird refused to quote your debug dump output. Probably because it is preceeded by "-- " alone on a new line, which tricks it into thinking it is the start of the mail signature.) > $ tcpdump -ntvvqX -s 1440 -i vlan100 host www.openbsd.org > tcpdump: listening on vlan100, link-type EN10MB > 93.108.49.203.1494 > 129.128.5.194.80: tcp 0 (DF) (ttl 64, id 34270, len 64, > bad ip cksum 0! -> 9e60) > 0000: 4500 0040 85de 4000 4006 0000 5d6c 31cb E..@..@.@...]l1. > 0010: 8180 05c2 05d6 0050 7a81 c78b 0000 0000 .......Pz....... > 0020: b002 4000 16ac 0000 0204 05b4 0101 0402 ..@............. > 0030: 0103 0303 0101 080a 76d2 bf28 0000 0000 ........v..(.... > > 129.128.5.194.80 > 93.108.49.203.1494: tcp 0 (DF) (ttl 46, id 50390, len 40) > 0000: 4500 0028 c4d6 4000 2e06 7180 8180 05c2 E..(..@...q..... > 0010: 5d6c 31cb 0050 05d6 0000 0000 7a81 c78c ]l1..P......z... > 0020: 5014 0000 5123 0000 0000 P...Q#.... FWIW, I'm seeing the same bad ip checksum errors on my development computer running -current (as of sometime last week). This is regardless of what site I try to connect to (well, I tried two, www.openbsd.org and one not running OpenBSD). On a stock 5.7 server (haven't got any 5.8-stable around) I don't see the checksum errors. However, unlike your scenario, regardless of checksum errors my -current box seems to connect fine everywhere, and it receives what appears to be correct data. Regards, /Benny
