a few thoughts,

- check your subnet masks carefully
- tcpdump is a very useful tool for working out what's going on, especially with 'log' on pf rules and tcpdump -neipflog0 -vv
- if you have a restricted MTU connection (pppoe, some others) in the path, make sure you're using an appropriate scrub max-mss option.
- if you can, try it with a different router. i have seen some *very* strange behaviour with certain routers (especially if the router is natting)

On 2010-08-07, Peter Merritt <pwmerr...@weirdwater.org> wrote:
> It acts as a firewall to an sbs server, sometimes I can ping out from
> server, or firewall sometimes I can't. Internet is extremely slow, and
> can't browse to some sites. Some computers on the lan can connect to
> internet others can't. Some that can't browse can ping. Some get
> destination net unreachable while others can ping the same ip just fine.
> I can ssh in from outside to the firewall. It's very erratic, and useless
> in its present state. I tested it using the simplest pf.conf, using
> suggestions from this group. Right now I have a linksys router running
> dd-wrt which works just fine, but the OBSD firewall did antispam and
> other duties as well so it is sorely missed. I ran 4.6 and previous
> versions without hitch, in fact it usually works so well that I hardly
> remember it's there. I thought originally the motherboard was not
> compatible with 4.7, but I have ruled that out, it works fine at
> another location and it ran at that location for 24hrs or more with no
> issues. I also have another MB with the same chipset, processor and
> nics, and it works with that. I am far from being an expert but I have
> been running obsd since ipf days, this one just baffles me. I keep
> thinking I've missed something, but everything looks right.
> Peter
>
> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of Bryan Irvine
> Sent: Friday, August 06, 2010 9:40 PM
> To: misc@openbsd.org
> Subject: Re: How to Downgrade from 4.7 to 4.6
>
> On Fri, Aug 6, 2010 at 9:27 PM, Chris Cappuccio <ch...@nmedia.net>
> wrote:
>> Considering that 4.7 isn't known to have major, show-stopper bugs in
>> PF like you experience, you may want to consider that there is a bug in
>> some other part of the system like the ethernet driver or some such.
>>
>> If you can try 4.8 snapshots first, and perhaps post your tests,
>> results, and dmesg to the list, then someone can help you narrow down
>> what the actual problem is.
>
> Additionally posting what the actual problem is might help as well.
>
> -B