I have a very straightforward pf config doing NAT for the internal network. Works great with the 30+ WinXP, Win2000 and Linux machines, but recently someone added a Vista machine and it simply doesn't work. Very slow, lots of disconnects, etc. The Vista machine can access internal network resources without issue, which seems to indicate this is not a hardware issue.
Below is my pf.conf file. I did a search and found one thread on the mailing lists with similar issues, but it didn't seem to resolve the problem (I can't seem to locate the thread this morning). Thanks for any advice (beyond getting rid of Vista).
#############################
# PF Configuration
###############################
ext_if = "vr0"
int_if = "fxp0"
tcp_services = "{ 0, 21, 8234, 22, 2200, 3389, 3388, 8234, 80, 81, 5820, 143, 443, 110, 25, 2500, 587, 993, 45000:50000, 55555 }"
udp_services = "{ 53, 993, 8234 }"
apnic_blocked_services = "{22, 2200, 25, 2500, 587, 20, 21}"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"
table <apnic> { 58.0.0.0/8, 59.0.0.0/8, 60.0.0.0/8, 61.0.0.0/8, 114.0.0.0/8, \
115.0.0.0/8, 116.0.0.0/8, 117.0.0.0/8, 118.0.0.0/8, 119.228.0.0/8, 120.0.0.0/8, \
121.0.0.0/8, 122.0.0.0/8, 123.0.0.0/8, 124.0.0.0/8, 125.0.0.0/8, 126.0.0.0/8, \
169.208.0.0/12, 202.0.0.0/8, 203.0.0.0/8, 210.0.0.0/8, 211.0.0.0/8, 218.0.0.0/8, \
219.0.0.0/8, 220.0.0.0/8, 221.0.0.0/8, 222.0.0.0/8 }
#############################
# PF Options
###############################
set block-policy return
set loginterface $ext_if
set skip on lo
scrub in all
#############################
# PF NAT Configuration
###############################
nat on $ext_if from !($ext_if) to any -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#############################
# PF Filter Rules
###############################
# Default Block Status
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
block in quick on $ext_if inet proto tcp from <apnic> to ($ext_if) port $apnic_blocked_services
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if