Walter Haidinger([EMAIL PROTECTED]) on 2006.07.19 12:28:52 +0000: > Hi! > > I'm running OpenBSD 3.9 GENERIC as a NAT router. > > If I add the "reassemble tcp" option to my scrub rule in pf.conf, > I have trouble connecting to some sites, particulary ebay (ebay.de, > ebay.at and ebay.com as well as e.g. kaufen.ebay.de) and > some other few sites, from a machine behind the NAT router. > > Connects time out or have long delays if the site responds at all. > If connecting directly from OpenBSD, using lynx or squid running on > the router, there is no problem.
This sounds like a MTU problem. Either those sites are blocking ICMP-frag-needed messages or you are. - set the correct MTU - check pf.conf for "scrub max-mss [...]" - google - why do you use no-df? /B. [demime 1.01d removed an attachment of type application/pgp-signature]
