login
Login / Register
Header Space

 
 

Home » Mailing list archives » openbsd-misc » 2008 » April » 19

timeouts on http connects outbound

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Moe Sizlak <sizlak1@...>
To: <misc@...>
Subject: timeouts on http connects outbound
Date: Friday, April 18, 2008 - 9:39 pm

Hi all,

 Recently I moved from freebsd 6 to openbsd 4.2 but have had some problems.

I get a lot of timeouts on web pages with a high number of hops and I think
it may be something to do with either pf and/or sysctl.

Any help in diagnosing these timeouts much appreciated.


(box is soekris net5501 with three internal lans nat'd outbound.)
------------------------------------------------------------------------------------

sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet.tcp.mssdflt=1452
sysctl -w net.inet.tcp.recvspace=131072
sysctl -w net.inet.tcp.sendspace=131072
sysctl -w net.inet.udp.recvspace=139264
sysctl -w net.inet.udp.sendspace=32768



----------------------------------------------------------
#       $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="pppoe0"
int_if1="vr1"
int_if2="vr2"
int_if3="vr3"
out_net="192.168.11.0/16"

# Private networks, we are going to block incoming traffic from them
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

netbios_ports = "{ 135, 137, 138, 139, 445, 1433 }"
#table <spamd> persist
#table <spamd-white> persist

set block-policy return

scrub in all

nat on $ext_if from $int_if1:network to any -> ($ext_if)
nat on $ext_if from $int_if2:network to any -> ($ext_if)
nat on $ext_if from $int_if3:network to any -> ($ext_if)


#
block all

# block incoming traffic from private networks on external interface
block drop in quick on $ext_if from $priv_nets to any

# block outgoing traffic to private networks on external interface
block drop out quick on $ext_if from any to $priv_nets

block in quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in quick on $ext_if inet proto tcp from any to any flags /SFRA
block in quick on $ext_if inet proto tcp from any to any flags F/SFRA
block in quick on $ext_if inet proto tcp from any to any flags U/SFRAU
block in quick on $ext_if inet proto tcp from any to any flags P/P
pass quick on lo0 all

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

#pass in on $ext_if proto udp to any port domain

pass in inet proto icmp all icmp-type echoreq  keep state
pass out inet proto icmp all icmp-type echoreq  keep state

pass in on $int_if1 from $int_if1:network to any keep state
pass in on $int_if2 from $int_if2:network to any keep state
pass in on $int_if3 from $int_if3:network to any keep state
pass out on $int_if1 from any to $int_if1:network keep state
pass out on $int_if2 from any to $int_if2:network keep state
pass out on $int_if3 from any to $int_if3:network keep state

#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }


--------------------------------------------------------------
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
timeouts on http connects outbound, Moe Sizlak, (Fri Apr 18, 9:39 pm)
Re: timeouts on http connects outbound, Daniel Melameth, (Sat Apr 19, 2:23 am)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 2 users and 1413 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary