Ok, this is crazy. I read about that new OpenBSD LiveCD so I wanted to try it. (http://g.paderni.free.fr/olivebsd/) I click on the page and... Nothing happens. Neither in Opera nor Firefox (that's my desktop, linux). So, just to verify, I open it via lynx from my OpenBSD router, and it opens... And I just had problems opening other site hosted by free.fr, same story, opens from router, not from desktop. Any ideas what i should be looking at? Here's tcpdump (tcpdump -p -nn host 212.27.63.124) when opening it via lynx from router: ====TCPDUMP==== 01:44:55.741008 62.121.113.251.31886 > 212.27.63.124.80: SWE 4252130529:4252130529(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1699248027 0> (DF) 01:44:55.783597 212.27.63.124.80 > 62.121.113.251.31886: S 976963389:976963389 (0) ack 4252130530 win 5792 <mss 1460,sackOK,timestamp 960425614 1699248027,nop,wscale 8> (DF) 01:44:55.783700 62.121.113.251.31886 > 212.27.63.124.80: . ack 1 win 16384 <nop,nop,timestamp 1699248027 960425614> (DF) 01:44:55.790935 62.121.113.251.31886 > 212.27.63.124.80: P 1:233(232) ack 1 win 16384 <nop,nop,timestamp 1699248027 960425614> (DF) 01:44:55.834654 212.27.63.124.80 > 62.121.113.251.31886: . ack 233 win 27 <nop,nop,timestamp 960425627 1699248027> (DF) 01:44:55.877260 212.27.63.124.80 > 62.121.113.251.31886: . 1:1449(1448) ack 233 win 27 <nop,nop,timestamp 960425637 1699248027> (DF) 01:44:55.878099 212.27.63.124.80 > 62.121.113.251.31886: . 1449:2897(1448) ack 233 win 27 <nop,nop,timestamp 960425637 1699248027> (DF) 01:44:55.878227 62.121.113.251.31886 > 212.27.63.124.80: . ack 2897 win 14936 <nop,nop,timestamp 1699248028 960425637> (DF) 01:44:55.920781 212.27.63.124.80 > 62.121.113.251.31886: . 2897:4345(1448) ack 233 win 27 <nop,nop,timestamp 960425648 1699248028> (DF) 01:44:55.920938 62.121.113.251.31886 > 212.27.63.124.80: . ack 4345 win 16384 <nop,nop,timestamp 1699248028 960425648> (DF) 01:44:55.921050 212.27.63.124.80 > 62.121.113.251.31886: . 4345:5793(1448) ack 233 win 27 <nop,nop,timestamp 960425648 1699248028> (DF) 01:44:55.930243 212.27.63.124.80 > 62.121.113.251.31886: . 5793:7241(1448) ack 233 win 27 <nop,nop,timestamp 960425648 1699248028> (DF) 01:44:55.930312 62.121.113.251.31886 > 212.27.63.124.80: . ack 7241 win 14936 <nop,nop,timestamp 1699248028 960425648> (DF) 01:44:55.974415 212.27.63.124.80 > 62.121.113.251.31886: . 7241:8689(1448) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:55.974553 62.121.113.251.31886 > 212.27.63.124.80: . ack 8689 win 16384 <nop,nop,timestamp 1699248028 960425662> (DF) 01:44:55.974794 212.27.63.124.80 > 62.121.113.251.31886: . 8689:10137(1448) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:55.986491 212.27.63.124.80 > 62.121.113.251.31886: . 10137:11585(1448) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:55.986619 62.121.113.251.31886 > 212.27.63.124.80: . ack 11585 win 14936 <nop,nop,timestamp 1699248028 960425662> (DF) 01:44:55.990232 212.27.63.124.80 > 62.121.113.251.31886: FP 14481:14912(431) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:55.990416 62.121.113.251.31886 > 212.27.63.124.80: . ack 11585 win 16384 <nop,nop,timestamp 1699248028 960425662,nop,nop,sack 1 {14481:14912} > (DF) 01:44:56.002667 212.27.63.124.80 > 62.121.113.251.31886: . 11585:13033(1448) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:56.002783 62.121.113.251.31886 > 212.27.63.124.80: . ack 13033 win 14936 <nop,nop,timestamp 1699248028 960425662,nop,nop,sack 1 {14481:14912} > (DF) 01:44:56.014837 212.27.63.124.80 > 62.121.113.251.31886: . 13033:14481(1448) ack 233 win 27 <nop,nop,timestamp 960425662 1699248028> (DF) 01:44:56.014944 62.121.113.251.31886 > 212.27.63.124.80: . ack 14913 win 14505 <nop,nop,timestamp 1699248028 960425662> (DF) 01:44:56.030833 62.121.113.251.31886 > 212.27.63.124.80: F 233:233(0) ack 14913 win 16384 <nop,nop,timestamp 1699248028 960425662> (DF) 01:44:56.074224 212.27.63.124.80 > 62.121.113.251.31886: . ack 234 win 27 <nop,nop,timestamp 960425687 1699248028> (DF) 01:45:10.422854 62.121.113.251.55826 > 212.27.63.124.80: FP 1022798788:1022799222(434) ack 942035112 win 1460 <nop,nop,timestamp 192768686 960421549> (DF) 01:45:10.466259 212.27.63.124.80 > 62.121.113.251.55826: R 942035112:942035112 (0) win 0 (DF) ========
Now when i try to open it from my internal machine, this is what happens (same tcpdump command): ====TCPDUMP==== 01:53:41.212087 62.121.113.251.57178 > 212.27.63.124.80: S 1606868703:1606868703(0) win 5840 <mss 1460,sackOK,timestamp 192896449 0,nop,wscale 2> (DF) 01:53:41.254268 212.27.63.124.80 > 62.121.113.251.57178: S 1537657453:1537657453(0) ack 1606868704 win 5792 <mss 1460,sackOK,timestamp 960557071 192896449,nop,wscale 8> (DF) 01:53:41.254626 62.121.113.251.57178 > 212.27.63.124.80: . ack 1 win 1460 <nop,nop,timestamp 192896460 960557071> (DF) 01:54:11.108603 212.27.63.124.80 > 62.121.113.251.57178: . ack 1 win 23 <nop,nop,timestamp 960564582 192896460> (DF) [tos 0x80] 01:54:11.108821 62.121.113.251.57178 > 212.27.63.124.80: . ack 1 win 1460 <nop,nop,timestamp 192903970 960557071> (DF) 01:54:12.392813 212.27.63.124.80 > 62.121.113.251.57178: F 1:1(0) ack 1 win 23 <nop,nop,timestamp 960564903 192896460> (DF) [tos 0x80] 01:54:12.393259 62.121.113.251.57178 > 212.27.63.124.80: . ack 2 win 1460 <nop,nop,timestamp 192904292 960564903> (DF) 01:54:12.395177 62.121.113.251.60784 > 212.27.63.124.80: S 1652671260:1652671260(0) win 5840 <mss 1460,sackOK,timestamp 192904292 0,nop,wscale 2> (DF) 01:54:12.395661 62.121.113.251.57178 > 212.27.63.124.80: F 435:435(0) ack 2 win 1460 <nop,nop,timestamp 192904292 960564903> (DF) 01:54:12.438592 212.27.63.124.80 > 62.121.113.251.60784: S 1571538277:1571538277(0) ack 1652671261 win 5792 <mss 1460,sackOK,timestamp 960564914 192904292,nop,wscale 8> (DF) [tos 0x80] 01:54:12.438825 62.121.113.251.60784 > 212.27.63.124.80: . ack 1 win 1460 <nop,nop,timestamp 192904303 960564914> (DF) 01:54:12.442439 212.27.63.124.80 > 62.121.113.251.57178: R 1537657455:1537657455(0) win 0 (DF) [tos 0x80] ======== No set options in pf.conf, i had "scrub in", then changed to "scrub in on $ext_if", then commented out at all. Quite simple NAT, couple rules redirecting incoming traffic, "pass out keep state". Or should I paste the whole thing? 3.9 GENERIC#597 i386, snapshot from 5th/6th Feb, or should I paste the whole thing? I'll have to reboot for that, as for now it got filled with messages about me trying to write to a full system, eh, the habit of mirroring whole install sets of various distributions... ;) Thanks in advance for any help, pointers, or kicks in the right direction. I think i saw someone with a problem like that, but didn't manage to find anything in the archives... -- viq (I am subscribed to the list) ---------------------------------------------------------------------- Kliknij po wiecej! >>> http://link.interia.pl/f18ed
