This sounds like a timing/fragmenting problem. Google blasts things out big and smooth. Most sites you see a lot more chatter on the tcp layer. If you have another machine with a different stack (Sun/Linux..) put it on the inside of the firewall and see what happens. Or use a sniffer and look.
Dhu

On Mon, 07 Apr 2008 20:37:10 -0500 Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:

> Have spent a fair deal of time working with pf and have just seen what
> appears to be quite a bizarre problem:
>
> Topology is (internet)--pppoe--(OpenBSD fw - running
> 4.2-release)--switch--(wired/wifi router).
>
> A winxp host connected to the wifi router has no problem viewing
> webpages, etc. However, a macosx host connected to the wifi router gets
> packets randomly (AFAICT) dropped by the OpenBSD fw. Google seems to
> load fine on the macosx machine but other sites will not load with any
> regularity. The packet dropping has been observed on the firewall using
> 'tcpdump -nettvi pflog0', and packets were being blocked on the internal
> interface, either em2 or vlan2, until the pf rule 'pass on
> $int_if' was changed to 'pass on $int_if no state'. Then packets started
> getting blocked on the external interface, despite a rule 'pass out on
> $ext_if' as a catch-all at the end of the ruleset. The rule that shows
> as being the blocker is 'block log all', the first rule in the set.
>
> So in essence, I see rules that are not being obeyed in the pf ruleset,
> but only for the macosx host and not the winxp one. The macosx firewall
> is turned off and I can ssh from the macosx host to the OpenBSD fw just
> fine. I can also ping fine from the macosx host, so DNS and routing are
> working.
>
> Clues as to wtf is going on would be appreciated. Can supply more
> detailed info on request.
>
> cheers,
> jake
>
> --
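As an added illustration for the thread (not code from either poster), the script below tabulates 'tcpdump -nettvi pflog0' output the way you would when chasing a report like Jake's: count blocks per rule, direction and interface, count them per source host, and pull out the blocked packets that are not fresh SYNs, since mid-stream segments and fragments hitting 'block log all' are what you would then compare against a sniffer trace on the inside, as Dhu suggests. The log lines are constructed to resemble OpenBSD pflog decoding of that era; the interface names em2 and pppoe0, the addresses, and rule number 0 are assumptions, not data from the thread.

```python
"""Tabulate 'tcpdump -nettvi pflog0' output by rule, direction, interface
and source host, and pick out blocked packets that are not TCP SYNs.

Added example; the log lines below are constructed to resemble OpenBSD
pflog decoding of the period, not captured from the firewall in the thread.
"""
import re
from collections import Counter

# Constructed sample. Assumed names: em2 = internal interface, pppoe0 =
# external interface, 192.168.1.50 = the Mac OS X host. Rule 0 stands for
# the first rule in the set ('block log all' in the thread).
SAMPLE_PFLOG = """\
Apr 07 20:31:02.118310 rule 0/(match) block in on em2: 192.168.1.50.52113 > 64.233.187.99.80: S 3301:3301(0) win 65535 <mss 1460,nop,wscale 3>
Apr 07 20:31:02.244091 rule 0/(match) block in on em2: 192.168.1.50.52113 > 64.233.187.99.80: . ack 1 win 65535
Apr 07 20:31:05.001200 rule 0/(match) block out on pppoe0: 192.168.1.50.52120 > 204.152.191.37.80: . ack 1 win 65535
Apr 07 20:31:05.004777 rule 0/(match) block out on pppoe0: 192.168.1.50.52120 > 204.152.191.37.80: P 1:401(400) ack 1 win 65535
Apr 07 20:31:06.502000 rule 0/(match) block out on pppoe0: 192.168.1.50 > 204.152.191.37: (frag 41230:520@1480)
"""

PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>[^\s:]+) > (?P<dst>[^\s:]+): (?P<rest>.*)$"
)


def split_host_port(addr):
    """tcpdump -n prints IPv4 endpoints as a.b.c.d.port; fragments carry no port."""
    parts = addr.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return addr, None


def parse_line(line):
    """Return a dict for one pflog record, or None if the line is not one."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["src_host"], rec["src_port"] = split_host_port(rec["src"])
    rec["dst_host"], rec["dst_port"] = split_host_port(rec["dst"])
    first = rec["rest"].split()[0] if rec["rest"] else ""
    rec["fragment"] = first == "(frag"
    # For TCP the first token after the ports is the flag field (S, S., ., P, F, R).
    rec["syn"] = (not rec["fragment"]) and first.startswith("S")
    return rec


def parse_pflog(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def by_rule_iface(records):
    """Count records per (action, direction, interface, rule): the quickest
    way to see which rule fires and on which side of the firewall."""
    return Counter((r["action"], r["dir"], r["iface"], r["rule"]) for r in records)


def blocked_by_source(records):
    """Blocked packets per source host; shows whether only one client is hit."""
    return Counter(r["src_host"] for r in records if r["action"] == "block")


def blocked_non_syn(records):
    """Blocked packets that are not a fresh SYN: mid-stream segments and
    fragments that matched no existing state and fell through to the
    default block. These are the ones to line up against an inside capture."""
    return [r for r in records if r["action"] == "block" and not r["syn"]]


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG)
    for key, n in sorted(by_rule_iface(recs).items()):
        print("%-5s %-3s %-7s rule %d: %d" % (key + (n,)))
    print("blocked per source host:", dict(blocked_by_source(recs)))
    for r in blocked_non_syn(recs):
        print("non-SYN block:", r["ts"], r["dir"], r["iface"],
              r["src"], ">", r["dst"], r["rest"])
```

Run it against a real capture by replacing SAMPLE_PFLOG with the saved tcpdump output; a rule number from the pflog line can then be matched to the ruleset with 'pfctl -sr -vv', which prints each rule with its number. Without that, 'block log all' being reported as the blocker only tells you that nothing earlier matched, not why.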