On September 9, 2008 11:59:02 am Parvinder Bhasin wrote:
> I am having a hard time with an issue that some of the DSL (ATT) are having
> issues connecting to website behind my openbsd firewall. Now if I
> switched it back to cisco asa, access works flawlessly.
>
> Everyone including those on DSL(ATT) are able to access the website
> (with cisco) but as soon as I put my Openbsd firewall website access
> to SOME DSL (ATT) users stops working.
>
> I troubleshot the problem to be related to "scrubbing
> (normalization of packets)".
> So I tried a couple of options in scrubbing rules: and got a couple of
> people experiencing the problem to work but there are a few still
> complaining that they can't access the site. I have tried this from
> multiple different connections. Even with Verizon EVDO internet
> access, people can't access the site. It's really weird and I have
> been pulling my hair on this. I don't really want to put other
> firewall in.
>
> I would like to know what other people who are running openbsd as
> firewall are using for scrubbing.
>
> Here is what I used first time:
>
> scrub in all
>
> and then changed to
>
> scrub in all no-df
> scrub out all no-df
>
> and got a few of DSL users to see the site but then others still can't.
> Verizon users can't either.
>
> Any thoughts/help highly appreciated. I don't want to go BALD :)
>
> Thanks

scrub in
scrub out on $ext_if max-mss 1440

has worked very well for me with my ISP. I am very interested in hearing about other ways of dealing with DSL connectivity.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]