On Monday 07 April 2008 00:36:29 Matthew Dillon wrote:
> :Matthew Dillon wrote:
> :>     This has been running well on my router and doesn't really
> :>     affect other ALTQ disciplines so I am going to go ahead and commit
> :>     it to clear room to port the probability keyword that Cedric
> :>     mentioned, before I get back to finishing up HAMMER.
> :>
> :>                                          -Matt
> :
> :For some reason, since a week ago, your servers have been unreachable
> : to Linux clients. The problem can be temporarily bypassed by setting
> : the Linux sysctl net.ipv4.tcp_window_scaling to 0
> :
> :--
> :Robert Luciani
>
>     It's got to be something PF (packet filter) is doing.  I was using
>     a Cisco with the T1.  I'm using a DFly box running PF with the DSL
>     line.  I'm trying to track it down.

This is usually a symptom of creating state on a TCP packet other than the
initial SYN.  Make sure you add "flags S/SA" to all your tcp keep state
rules.  There is plenty on this in the FAQs and lists (freebsd-pf@ and the
OpenBSD pf list) for more detailed reference.

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
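
An added example, not part of the original message: a small Python check that lists pf.conf "pass" rules with an explicit "proto tcp" and "keep state" but no SYN-only flags match such as the "flags S/SA" recommended above. The sample ruleset, the interface name and the function names are constructed for illustration.

```python
import re

# Constructed sample ruleset (not taken from the thread or any real host).
SAMPLE_PF_CONF = r"""
ext_if = "em0"
block in all
pass out on $ext_if proto tcp from any to any keep state   # no flags
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
pass in on $ext_if proto { tcp, udp } from any to any port 53 \
    keep state
pass out on $ext_if proto udp from any to any keep state
"""

PROTO_RE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")
KEEP_RE = re.compile(r"\bkeep\s+state\b")
FLAGS_RE = re.compile(r"\bflags\s+(\S+)")
# "S/<mask>": only SYN set, and the mask checks at least SYN and ACK.
SYN_ONLY_RE = re.compile(r"S/(?=[A-Z]*S)(?=[A-Z]*A)[A-Z]+")

def logical_lines(text):
    """Yield (first_line_number, rule): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def rules_missing_syn_flags(text):
    """Return (line, rule) for 'pass ... proto tcp ... keep state' rules that
    can create state on a non-SYN packet. Rules without an explicit proto
    are not examined (a deliberate limit of this sketch)."""
    findings = []
    for lineno, rule in logical_lines(text):
        proto = PROTO_RE.search(rule)
        if not rule.startswith("pass ") or not proto:
            continue
        if not re.search(r"\btcp\b", proto.group(1)) or not KEEP_RE.search(rule):
            continue
        flags = FLAGS_RE.search(rule)
        if not (flags and SYN_ONLY_RE.fullmatch(flags.group(1))):
            findings.append((lineno, rule))
    return findings

if __name__ == "__main__":
    for lineno, rule in rules_missing_syn_flags(SAMPLE_PF_CONF):
        print(f"line {lineno}: add 'flags S/SA': {rule}")
```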
