You might want to include a tcpdump capture around the time of the failure from the OpenBSD box.
Simon Kammerer wrote: > My pf.conf with OpenBSD 3.7 (GENERIC) > > > > int_if = "vr1" > ext_if = "vr0" > > int_net = "192.168.1.0/24" > ext_net = "192.168.0.0/24" > > block all > > pass quick on lo0 all > > > pass in on $int_if from $int_net to any > pass out on $int_if from any to $int_net > > pass in quick on $ext_if proto tcp from any to 192.168.1.123 port ssh > keep state > > > If I connect to 192.168.1.123 from 192.168.0.23 with ssh, the > connection > breaks after a certain amount of transfered packets (scp ~ 1,2MB). > > > If I change the last rule to > > pass in quick on $ext_if proto tcp from any to 192.168.1.123 port ssh > > (-> without keep state), the connections doesn't break! (Or at least I > wasn't able to reproduce with tranfers of > 150MB) > > My setup > > win32 (192.168.0.23) initiates ssh-connection > openbsd (192.168.0.240 / 192.168.1.1) > linux (192.168.1.123) > > all hosts connected via ethernet on one cheap soho-switch. > > > Any hints?
