Todd,

Yes, I have. The problem is we cannot change anything on the client end; we can only fix it on our end. We have tried with a Cisco fw and the access works for those same people having issues, but as soon as we put in OpenBSD pf, people begin to complain. These are just a few users that we are testing; there may be other users who cannot reach the site either (which we don't know about).

-Parvinder Bhasin

On Sep 9, 2008, at 10:08 AM, Todd T. Fries wrote:
Did you read the pf suggestions via pppoe(4)? AT&T tends to use pppoe(4).
--
Todd Fries .. [EMAIL PROTECTED]
Penned by Parvinder Bhasin on 20080909 9:59.02, we have:
I am having a hard time with an issue where some of the DSL (ATT) users are having issues connecting to a website behind my OpenBSD firewall. Now if I switch it back to the Cisco ASA, access works flawlessly. Everyone, including those on DSL (ATT), is able to access the website (with Cisco), but as soon as I put in my OpenBSD firewall, website access for SOME DSL (ATT) users stops working.
I troubleshot the problem to be related to "scrubbing (normalization of packets)".
So I tried a couple of options in the scrubbing rules and got a couple of the people experiencing the problem working, but there are a few still complaining that they can't access the site. I have tried this from multiple different connections. Even with Verizon EVDO internet access, people can't access the site. It's really weird and I have been pulling my hair out on this. I don't really want to put another firewall in.
I would like to know what other people who are running OpenBSD as a firewall are using for scrubbing.
Here is what I used the first time:
scrub in all
and then changed to
scrub in all no-df
scrub out all no-df
and got a few of the DSL users to see the site, but then others still can't. Verizon users can't either.
Any thoughts/help highly appreciated. I don't want to go BALD :)
Thanks