16th May 2008
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

See http://undeadly.org/cgi?action=artic...20060928081238, section "Create TCP states on the initial SYN packet".

Although for pf, this section explains why it is important to keep state on the first packet of the three-way TCP handshake. Doing this prevents problems with TCP window scaling.

IIRC FreeBSD has a sysctl to disable this window scaling as defined in RFC 1323. On OpenBSD (don't have access to a FBSD box) it is called
Code:
net.inet.tcp.rfc1323=1
You could first try to disable this.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
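Added example, not part of the original post and not pf's own code: a simplified Python model of why a state tracker that misses the SYN and SYN-ACK, the only segments that carry the window scale option, misjudges the allowed window. The class names and the trace are constructed, and treating an unknown scale factor as 0 is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Seg:
    src: str                      # "client" or "server"
    flags: str                    # "S", "SA", "A" or "PA"
    seq: int
    ack: int = 0
    win: int = 0                  # raw 16-bit window field from the header
    length: int = 0               # payload bytes
    wscale: Optional[int] = None  # option is only carried on SYN / SYN-ACK

class Tracker:
    """Simplified window check; an unknown scale factor is assumed to be 0."""
    def __init__(self):
        self.wscale = {}  # sender -> shift count learned from its SYN
        self.limit = {}   # sender -> highest sequence number it may send up to

    def observe(self, seg):
        peer = "server" if seg.src == "client" else "client"
        ok = True
        if seg.length and seg.src in self.limit:
            ok = seg.seq + seg.length <= self.limit[seg.src]
        if "S" in seg.flags and seg.wscale is not None:
            self.wscale[seg.src] = seg.wscale
        if "A" in seg.flags:
            # The window field of a SYN segment itself is never scaled.
            shift = 0 if "S" in seg.flags else self.wscale.get(seg.src, 0)
            self.limit[peer] = seg.ack + (seg.win << shift)
        return ok

def run(trace):
    """Feed a trace to a fresh tracker; True means the segment fits the window."""
    tracker = Tracker()
    return [tracker.observe(s) for s in trace]

# Constructed trace: handshake with window scaling, then two data segments.
TRACE = [
    Seg("client", "S", 1000, win=65535, wscale=6),
    Seg("server", "SA", 5000, ack=1001, win=65535, wscale=7),
    Seg("client", "A", 1001, ack=5001, win=1024),
    Seg("server", "A", 5001, ack=1001, win=512),   # real window: 512 << 7
    Seg("client", "PA", 1001, ack=5001, win=1024, length=1460),
    Seg("client", "PA", 2461, ack=5001, win=1024, length=1460),
]

if __name__ == "__main__":
    print("state created on SYN:   ", run(TRACE))
    print("state created mid-stream:", run(TRACE[2:]))
```

When the tracker starts after the handshake, it reads the server's window field of 512 as 512 bytes instead of 65536, so the client's first full-size data segment already falls outside the window it believes in.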