On 2008/02/04 18:12, Richard Green wrote:
> When two peers on opposite sides of this firewall attempt to connect, a
> TCP SYN packet passes in from peer-1 through one interface, with its MSS
> field set to 1360, through a bi-nat rule and the above scrub rule, and exits
> another interface, and onwards to peer-2, its MSS field value having been
> raised to 1400. (This effect observed using tcpdump on both interfaces at the
> same time)

I can't replicate this with pf/binat/scrub max-mss...think you'll need some more information to track it down (but I'm not sure what exactly).