Are you using pf at all? This sounds similar to the issue I had with my pf rules not too long ago. In a nutshell rfc1323 defines tcp window scaling and the scaling factor only shows up in the syn packet of a tcp connection. So you have to make sure you only match state based on the syn packet (ie use "flags S/SA"). If you are matching state based on anything else you miss the scaling factor and thinks are messed up.
>From your description it sounds like these machines are endpoints and not firewalls. If that is the case you could just temporarily turn off the firewall and see if it fixes things. Tim On Monday 05 March 2007 7:07 am, Federico Giannici wrote: > If someone want to reproduce the problem, here it is the address of the > web site: > > https://www.bancadipalermo.it/index.jsp > > In this first page, often (about half of times) the "Sella.it Banca di > Palermo" image in the top left corner doesn't load. Inside the site, > there are many other parts that often don't load. > > Disabling RFC1323 everything works perfectly. > > > Bye. > > Federico Giannici wrote: > > Since I upgraded my two desktops to OpenBSD i386 4.0-stable I started > > experiencing problems with the web site of my Bank. Often, but not > > always, some pages and images don't load and go in timeout. This happens > > with both Firefox and Konqueror. > > > > Now I just found that if I disable the RFC1323 with "sysctl > > net.inet.tcp.rfc1323=0" the problem disappear! > > > > Since I had no problem with that web site until the upgrade and there is > > no problem with Windows (from 98 to XP), I suspect that something broked > > in the OpenBSD implementation of RFC1323 between 3.9 and 4.0. > > > > Is there some known problem? > > > > Thanks. > > > > > > P.S. > > In one of my PC I upgraded to 4.1-beta of a week ago (for the i386 > > freezes with amd64) and the problem remains... -- Tim Kuhlman Network Administrator ColoradoVnet.com
