Hi all,
The problem:
- I've a web application which uses HTTPS connection. Sometimes, without
any pattern, the connection hangs up.
What I've seen:
- No recognisable pattern. I've made a litlle PHP program that simply
open and next close a HTTPS connextion. Sometimes it hangs up in 10th
try, sometimes in 150th and sometimes in 38. No reason here.
- If I disable completely the pf ('pf -d) the program runs fine until I
stop it (I've seen 2500 consecutive ok connections...)
My corrective actions:
- Check the permissive rule from any to the server that has the app:
alllow quick on $bridge from any to $web_server allow-opts
- Disabling completely the scrubbing options
no scrub in on $bridge
- Pass from 'set optimization aggressive" to 'set optimization conservative'
- launch the sampe tcpdump command in PF box and in web-app box. When a
connection hungs up I see that some packets doesn't arrive to web-app
box; PF doesn't pass them for unknown reasons.
¿How can I debug it?
¿Any clue?
--
Thanks,
Jordi Espasa Clofent
