Subject: Re: PF and TCP Window Scaling in NetBSD 3.0
To: None <tech-net@netbsd.org>
From: Rui Paulo <rpaulo@fnop.net>
List: tech-net
Date: 07/11/2006 13:39:30
At Tue, 11 Jul 2006 14:04:33 +0200,
Joerg Roedel wrote:
>
> Hi all,
>
> I found a bug in the Packet Filter of NetBSD 3.0 that has to do with TCP
> Window Scaling. I have a NetBSD 3.0 based router in my network using PF
> for firewalling and NAT. Behind the router in the internal network is a
> Kernel 2.6.16 based Linux box. If I want to connect to some sites from
> this Linux box (e.g. 74.52.39.194), the PF firewall blocks all packets
> after the TCP 3-way-handshake. Using Linux Kernel 2.6.17 on the Linux
> box makes it impossible to use TCP to any other site.
> The problem does not exist if I disable the TCP Window Scaling on the
> Linux Box. It works also if I flush the firewall rules and let the NAT
> rules in place. So it must be a problem in the filter code.
> I didn't test that behavior with NetBSD-current. Maybe the bug is
> already fixed there. If you need some more details of my tests on it,
> feel free to ask.
Can you show us your filtering rules?
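The symptom in the report (a connection that completes its handshake and is then blocked only while window scaling is enabled) is what a stateful filter produces when it does not apply the scale factor that was exchanged in the SYN and SYN-ACK: the peer's real window is the 16-bit value shifted left by the scale, and a tracker that uses the raw value treats ordinary data segments as out of window. The following is an added illustration, not code from this thread or from PF; `Tracker`, `Peer`, `honour_wscale` and the constructed window and option values are assumed for the example, and the window check is a simplified model of the kind of bound PF keeps per state, not PF's actual logic.

```python
from dataclasses import dataclass, field
from typing import Optional

def wscale_option(options: bytes) -> Optional[int]:
    """Shift count from the TCP window-scale option (kind 3, length 3), else None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP padding
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                           # truncated or malformed option
        if kind == 3 and options[i + 1] == 3:
            return min(options[i + 2], 14)  # RFC 7323 caps the shift at 14
        i += options[i + 1]
    return None

@dataclass
class Peer:
    wscale: int = 0   # shift this peer advertised in its SYN / SYN-ACK
    win: int = 0      # last raw 16-bit window this peer advertised
    ack: int = 1      # everything below this has been acked (relative seq numbers)

@dataclass
class Tracker:
    """Simplified stateful-filter model (assumed, not PF's code): a segment passes
    only if it ends inside the window the receiving peer last advertised."""
    honour_wscale: bool
    peers: dict = field(default_factory=lambda: {"a": Peer(), "b": Peer()})

    def handshake(self, a_win, a_opts, b_win, b_opts):
        # Scaling is in effect only when both SYN and SYN-ACK carry the option,
        # and the factor is never repeated later, so it must be recorded here.
        a_ws, b_ws = wscale_option(a_opts), wscale_option(b_opts)
        if a_ws is None or b_ws is None or not self.honour_wscale:
            a_ws = b_ws = 0                 # a scale-unaware tracker lands here too
        self.peers["a"] = Peer(a_ws, a_win)
        self.peers["b"] = Peer(b_ws, b_win)

    def segment(self, sender, seq, length, ack, win) -> bool:
        rcv = self.peers["b" if sender == "a" else "a"]
        allowed_end = rcv.ack + (rcv.win << rcv.wscale)
        if seq + length > allowed_end:
            return False                    # dropped as out of window
        self.peers[sender].ack, self.peers[sender].win = ack, win
        return True
```

With a constructed SYN advertising a raw window of 46 and a shift of 7 (5888 bytes in reality), the scale-aware tracker passes a 1448-byte data segment sent right after the handshake, while the scale-unaware one drops it, which is the pattern to look for in `pflog` output when diagnosing a report like this one.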