Guido Tschakert wrote:
Ok, after digging in the archives I found the thread
pf reassemble tcp problem in latest snapshot?
and it seems there is no real solution for this problem in OpenBSD/pf.
<provocation on>
I found that somewhat poor, because with Cisco IOS and Linux iptables
this problem doesn't exist and there are no problems to reach this sites
with nat.
<provocation off>
> Hello,
>
> I have problems to load some websites (e.g. www.hit.de, www.lidl.de,
www.ebay.de, www.ebay.com). They are very slow if they show up.
> I have this problem since this morning, when I changed our old cisco
router with our new OpenBSD Firewall.
> Other sites load normal.
>
> Here is the network
>
>
> $srcnet----openbsd-box------$src_ext
> |
> ---internet
>
>
> (the OpenbsdBox has a regular IP-Address and an Alias from Class B
$src_ext, therefore there is the exclusion in nat
> Yes I know this looks evil, but I have some more Firewalls in
$src-net :-)
>
>
thanks
guido
