View Single Post
  #9   (View Single Post)  
Old 6th February 2013
KBr KBr is offline
New User
Join Date: May 2012
Posts: 5

Originally Posted by jggimi View Post
If your default router is OpenBSD, PF will be affected by rules or option settings affecting traffic normalization (scrub, and related rules and options). If packet reassembly is turned off in your PF configuration, PF might be blocking packet fragments which you expect to be passed.
There are two statements in my pf.conf concerning this problem
set reassemble yes
match on $Ext scrub (max-mss 1440)

The latter doesn't have anything to do with my route-to rule as the related packets don't pass the external interface

To update your packages, that's as easy as # pkg_add -ui once you are on 5.2 and have updated your $PKG_PATH accordingly.
Thanks for the hint. I will have to sync the clone of my router used as a cold stand by and the update that machine as I cannot afford any downtime of the internet gateway. It will take some days before I can do that.
Reply With Quote