Bjvrn Ketelaars wrote:
Last week (January 24, 2006) I updated our gateway to snapshot (i386).
Everything seems to work fine except that users are complaining about
internet-connections being dropped. The main complaint is that it is
possible to use the internet but it is not possible to transfer files. I
checked this complaint, and indeed there are some problems best
described as connections being closed to fast.
As a test I reverted to a backup (Snapshot December 29, 2005) which
solved the dropping of connections.
Is there anyone who recognizes this problem and maybe has a solution?
[...]
pass in on $wan_if inet proto tcp from !<rfc1918> to 10.0.0.100 port
5000 flags S/SA synproxy state
pass in on $wan_if inet proto udp from !<rfc1918> to 10.0.0.100 port
5000 keep state
pass out on $wan_if proto tcp from any to !<rfc1918> modulate state
flags S/SA
[...]
It looks like this could be related to modulate/synproxy state being
currently broken:
http://marc.theaimsgroup.com/?l=openbsd-pf&m=113844738811816&w=2
It would be interesting to know if the patch helps, I suppose?
Moritz
