Identify rules to behaviour
Hi everyone,
I was curious if there was a way with PF to identify which rule reacts to a specific network action. The situation I am facing here is heavy latency when connecting to a specific website. When I disable PF on my box, then everything goes smoothly.. So probably there is a conflict between at least 2 rules.. If someone has any idea of how to debug this, it would be cool as it is really the first time I am facing that kind of crap.. Thank
Thanks jggimi,
I can see that my packets are passing over and not blocked. However I still have latency when trying to connect to this specific web site. At the first connection, it loads correctly and then when hitting links it hangs. The browser shows 'thinking' forever.... Any ideas would be great .. Thanks,
"Hang" and "Thinking forever" are not how I would define the term "latency".
You have described a breakdown in communication. You have also asked how to diagnose it. I would look for a root cause by first determining what those "links" are that you describe, to determine what they do. HTTP? URLs? Javascript code? Java applet execution? Lotus Notes URIs? FTP URLs? Gopher?..... "Link" is too generic, ain't it? If and only if you have determined that you do, indeed, have a networking problem, instead of an application problem, then you can move to Step 3, above. One exception: if these are FTP URLs which fail for you and your users, I would look to your PF configuration once more. See the PF Users Guide chapter on Issues with FTP.
You are right Jggimi, I was not precise enough in my description.. It is also because I have difficulties identifying the real cause. I will try to detail a bit more:
I am talking about an https link that points to an OpenSource application. This application is based on: CentOS, Apache2, Mysql, phpMysql, Perl. Consider the DB server installed separately from the www server. That environment is facing the internet. When connecting from anywhere on the net, the application (understand: the web interface) does not hang. But when connecting from behind the OBSD box, it hangs after a few minutes... I did try to sniff on one of the machines connecting from behind the box and I can see many bad TCP (TCP retransmission, TCP Dup Ack). Usually it is at those steps that the page starts to hang. From outside (meaning anywhere on the net) I noticed the same bad TCP, but it does not hang. If I disable pf, the app works fine.... From behind the box any access to internet web sites is good. Hope I was clearer here.. Thanx
From your somewhat better description, it appears to me that your PF configuration is not handling TCP retransmissions or TCP fragments properly.
I would look to any settings you may have copied/pasted from someone else's PF configuration. Flags on rules affect state table management. Scrub rules affect packet fragments, reassembly, and traffic normalization. Runtime options could also be a cause. Since you have not shared your pf.conf file, this is all just a wild guess, of course. If you decide to share it, just redact any "real" IP addresses or other identifying information.
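Added example, not code from the thread or from either poster: a minimal pf.conf in the classic syntax (standalone scrub and nat rules, as in the PF User's Guide of that era; OpenBSD 4.6 and later express scrub as options on match rules) that makes the three things jggimi names visible, scrub, state flags and logging, so the original question of which rule reacts to a given connection can be answered from pflog0. The interface names, the LAN prefix and the server address 203.0.113.10 are assumed placeholders.

```pf
# Assumed placeholders: em0 is the external interface, em1 the LAN side,
# 203.0.113.10 the https application the poster cannot reach cleanly.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"
webapp = "203.0.113.10"

set skip on lo

# Normalization: reassemble fragments and clean up TCP before the state
# engine sees it. A scrub rule that is missing, or one copied with options
# such as "random-id" or a too-small "max-mss", is the first thing to test
# when retransmissions pile up only behind the firewall.
scrub in all fragment reassemble
scrub out on $ext_if all max-mss 1440   # remove or adjust to test PMTU

# Classic nat rule for a NATed LAN (omit on a routing-only box).
nat on $ext_if from $lan to any -> ($ext_if)

# Default deny, logged, so any matching block shows up in pflog0.
block log all

# Let the LAN reach the application. "flags S/SA" creates state only on
# the initial SYN; a rule copied with "flags any" or without "keep state"
# treats retransmitted and out-of-order segments very differently.
pass in  log on $int_if proto tcp from $lan to $webapp port 443 \
        flags S/SA keep state
pass out log on $ext_if proto tcp from $lan to $webapp port 443 \
        flags S/SA keep state
pass out on $ext_if inet proto { tcp udp } all keep state

# Diagnosis (typed on the OpenBSD box, not part of pf.conf):
#   pfctl -vvsr                        rule numbers (@N) with match counters
#   tcpdump -n -e -ttt -i pflog0 host 203.0.113.10
#                                      prints "rule N/(match) pass|block ..."
#                                      for every logged packet
#   pfctl -ss | grep 203.0.113.10      state entries for the application
```

Compare the rule numbers pflog reports for the hanging session with `pfctl -vvsr`; a block or a second pass rule matching mid-session is the conflict the first post asks about.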