On Fri, Jan 8, 2010 at 9:50 PM, M. Keith Thompson wrote:
> It looks like it was a tcp windowing problem. The command:
> "sysctl -w net.inet.tcp.rfc1323=0"
> fixed the problem.
This only fixes a symptom. :) There is something wrong with your ruleset.
>>> # Allow ftp
>>> pass in quick on $
On Thu, Jan 7, 2010 at 10:19 PM, M. Keith Thompson wrote:
> On Thu, Jan 7, 2010 at 2:37 PM, J65nko wrote:
>>> # SSH from NetEng subnet
>>> pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port 22 keep state
>>>
>>> # Allow inside
> # SSH from NetEng subnet
> pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port 22 keep state
>
> # Allow inside network to ping the server
> pass in quick on $ext_if proto icmp from $pingers to $ext_IP keep state
>
> # Allow DNS lookups
> pass out quick on $ext_if proto udp to