On 07/24/2012 11:12 AM, Daniel Hartmeier wrote:
On Tue, Jul 24, 2012 at 08:41:54AM -0600, Jason Mattax wrote:
If the upstream router does HTTP inspection, it might be buggy (since
the thunderstorm? :) and react to different HTTP headers. Or it might
run an (broken) antivirus patterns on the HTT
>
> On 07/24/2012 01:07 AM, Daniel Hartmeier wrote:
> > What's the client OS?
> >
> The client OS for this test is Ubuntu 12.04 LTS
>
> jmattax@chani:~/pf_debugging$ uname -a
> Linux chani 3.2.0-26-generic #41-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012
> i686 i686 i386 GNU/Linux
>
> > It looks like
On Tue, Jul 24, 2012 at 08:41:54AM -0600, Jason Mattax wrote:
> The other thing I did was I accessed the wikipedia server at
> 208.80.154.225 on the firewall. I did this so that I could do the nc
> command on the firewall, the output of the tcpdump of which is attached
> as xl0_tcpdump_nc and s
On 07/24/2012 01:07 AM, Daniel Hartmeier wrote:
What's the client OS?
The client OS for this test is Ubuntu 12.04 LTS
jmattax@chani:~/pf_debugging$ uname -a
Linux chani 3.2.0-26-generic #41-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012
i686 i686 i386 GNU/Linux
It looks like it might be an inco
What's the client OS?
It looks like it might be an incompatibility between the client and the
peculiar wikipedia server (or loadbalancer or proxy or whatever there
is).
Like the GET request gets lost, but the FIN arrives, and the server
selectively ACKs the FIN, and the client doesn't retransmit
On 7/23/2012 4:05 AM, Daniel Hartmeier wrote:
If you can reliably reproduce the problem with en.wikipedia.org, I
suggest the following:
On the firewall
1) enable verbose logging with pfctl -xm
2) save the output of pfctl -si and netstat -s
3) run the following three tcpdump in paral
On Mon, July 23, 2012 04:12, Damien Fleuriot wrote:
>
>
> On 7/23/12 7:31 AM, Jason Mattax wrote:
>>
>> based on that I could easily upgrade to 8.3, or possibly 9.0 tomorrow if
>> I have the inclination.
>>
>
> I can recommend 8.3, we're using it widely in production.
>
Thanks.
>
>>> 2/ When the
caldero...@gmail.com wrote
> I have the same problem, although i remember having it from the start. I
> started with some basic example configuration for gateway. Noticed that
> some sites would'nt load ans some do.. exc. googles.
>
> Added pass all rule for Internal IF on the right spot, and it wo
If you can reliably reproduce the problem with en.wikipedia.org, I
suggest the following:
On the firewall
1) enable verbose logging with pfctl -xm
2) save the output of pfctl -si and netstat -s
3) run the following three tcpdump in parallel, and save the output:
tcpdump -s 1600 -
On 7/23/12 7:31 AM, Jason Mattax wrote:
>
>
> On 07/22/2012 07:30 PM, Damien Fleuriot wrote:
>>
>> On 23 Jul 2012, at 01:49, jmat...@clanspum.net wrote:
>>
>>> A few weeks ago (I've been trying to debug it myself since then) my pf
>>> firewall stopped working fully correctly. The symptom is tha
On 07/22/2012 07:30 PM, Damien Fleuriot wrote:
On 23 Jul 2012, at 01:49, jmat...@clanspum.net wrote:
A few weeks ago (I've been trying to debug it myself since then) my pf
firewall stopped working fully correctly. The symptom is that I can no longer
access a variety of websites when I'm behi
On 23 Jul 2012, at 01:49, jmat...@clanspum.net wrote:
> A few weeks ago (I've been trying to debug it myself since then) my pf
> firewall stopped working fully correctly. The symptom is that I can no longer
> access a variety of websites when I'm behind the firewall. I have verified
> that I can
A few weeks ago (I've been trying to debug it myself since then) my pf
firewall stopped working fully correctly. The symptom is that I can no longer
access a variety of websites when I'm behind the firewall. I have verified
that I can access all of the affected websites from outside my firewall. I
13 matches
Mail list logo
