On Mon, 11 Jan 2010 17:14:15 -0200 Leonardo Carneiro <lscarne...@veltrac.com.br> wrote:
> Hi again. Removing the scrub rule (which i do not really know what > does) solved my problem, including a similar problem sending files > through scp. Here is the line: > > match in all scrub (no-df) > > What does this line here does? I'd read something about packet > normalization. Also i'd read in the FAQ that use it is a good pratice > (though i really didn't understood why). > > Resuming: Am i in trouble for not using this line? On OpenBSD manpages are actually worth reading. man pf.conf /Scrub It's explained in detail. To your initial problem, Peter gave you the clue to (most likely) fix it, while keeping scrub. You probalby are using an uplink with a MTU lower than 1500. the "max-mss" option reduces the outgoing packet size, so that they don't get fragmented. Using this is a must on todays internet with something like a DSL line/pppoe. 1440 is a value that seems to work for almost everybody everywhere with such a connection. (If you want to know where that number comes from, start substracting header overhead for each layer from the package size.) - Robert
