>> Get tcpdumps on both router interfaces with and without the "reassemble
>> tcp" option. Do this for a similar file on both a working website and
>> broken (ebay) website.
>
> On both router interfaces? Wouldn't the external if be enough?
You're probably right. But my theory is that if you're g
On Friday 21 July 2006 18:38, Walter Haidinger wrote:
> On Fri, 21 Jul 2006, Mike Frantzen wrote:
> > Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
> > It does the usual PAWs check to make sure a timestamp is not older than
> > the last echoed value - which is in theory a wr
On Fri, 21 Jul 2006, Mike Frantzen wrote:
> Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
> It does the usual PAWs check to make sure a timestamp is not older than
> the last echoed value - which is in theory a wrapped sequence number.
> It also does its aggressive check to
Sorry, 'modulate tcp' was a thinko. I had been meaning to move
'modulate state' into the scrubber for a long time.
Reassemble TCP does aggressive TCP PAWs checks on the TCP timestamps.
It does the usual PAWs check to make sure a timestamp is not older than
the last echoed value - which is in theo
On Thu, 20 Jul 2006, Steve Welham wrote:
> Get tcpdumps on both router interfaces with and without the "reassemble
> tcp" option. Do this for a similar file on both a working website and
> broken (ebay) website.
I have now. Got a dump of the following request (all on a single line):
wget -nd -O /
What is 'modulate tcp'?
modulate state works fine.
I get these errors only with scrub's reassemble tcp option
I originally assumed it was an Apple problem since I only had trouble
with the OS X "Software Update" feature.
Going back to the beginning of this thread - Walter Haidinger appears to
ha
> It's a stab in the dark but I would start with the assumption that some
> sites are using server load balancing and that "reassemble tcp" is
> breaking this somehow.
Could be. Let's suspect "poor load balancing" because other big sites,
which most likely do load balancing too, work. eBay is just
You're going to have to turn off 'modulate tcp'. One of the TCP
endpoints isn't following PAWs and stopped sending the TCP
Timestamps or someone is trying to blind hijack the connection.
> More info - I ran a test scenario.
> Here is a sample of the messages I get via syslog with set debug loud
Argh - It might help if I explain more. I have an OpenBSD 3.8 system
running as a transparent packet filter (TPF).
The OS X system is inside ($lanif). Apple's network - CIDR 17/8 is
outside ($wanif). A Cisco PIX is doing NAT. IPs on the $wanif side
that are inside the PIX are considered as DMZ
More info - I ran a test scenario.
Here is a sample of the messages I get via syslog with set debug loud
and scrub with reassemble tcp trying to run OS X's "Software Update".
Jul 19 19:42:37 obsd38 /bsd: pf_normalize_tcp_stateful: Did not receive
expected RFC1323 timestamp
Jul 19 19:42:37 obsd
Hi Walter,
I've seen this behavior also. When I 'set debug loud' I got more
information recorded via syslog.
Some stuff about RFC1323 and bad-timestamp errors.
Below is a section of a pf.conf file. It would be interesting to know if
you get similar results with
set debug loud when trying to
> Unfortunately I cannot determine why only some sites have troubles
> and that's why I'm seeking advice here on how to further diagnose
> the problem.
>
> Any hints are appreciated!
It's a stab in the dark but I would start with the assumption that some
sites are using server load balancing and tha
On Wed, 19 Jul 2006, Sebastian Benoit wrote:
> This sounds like a MTU problem. Either those sites are blocking
Unlikely. I have cable, not a PPTP/PPPoE link. Therefore, no packet
encapsulation. I'm aware of the MTU issue with ADSL.
> ICMP-frag-needed messages or you are.
I think I am. _Only_ re
Walter Haidinger([EMAIL PROTECTED]) on 2006.07.19 12:28:52 +:
> Hi!
>
> I'm running OpenBSD 3.9 GENERIC as a NAT router.
>
> If I add the "reassemble tcp" option to my scrub rule in pf.conf,
> I have trouble connecting to some sites, particularly ebay (ebay.de,
> ebay.at and ebay.com as well as
Hi!
I'm running OpenBSD 3.9 GENERIC as a NAT router.
If I add the "reassemble tcp" option to my scrub rule in pf.conf,
I have trouble connecting to some sites, particularly ebay (ebay.de,
ebay.at and ebay.com as well as e.g. kaufen.ebay.de) and
some other few sites, from a machine behind the NAT
15 matches