Hi there. I've a problem with pf on OpenBSD 4.6
After different test, I've been reduced my pf.conf to those rules:
macros....
set block-policy drop
match all scrub (no-df, random-id, reassemble tcp, max-mss 1440)
nat on $ext from $int:network -> $ext:0
block log all
pass in on $int from any to any
pass out on $ext from $ext:0 to any
pfctl get all rules without errors, but I've problem during connection.
If I try to get login with pidgin (MSN) from slackware Linux It doesn't
work.
If I try to get login with pidgin proxied from slackware it works.
I've tried also to remove reassemble tcp from the scrub and it works
If I try to get login with MSN from windows (proxied, with reassemble
tcp, and no proxy) It works.
In all Linux pidgin failed connection I receive this:
connection: Connection error on 0x8551180 (reason: 0 description:
Connection error from Notification server: Reading error)
But the connection will be dropped? (I receive also a block log of ack
for the pidgin connection)
Another problem with reassemble tcp is with windows boot. I receive from
syslog those messages:
block in on rl0: 10.1.3.53.137 > 10.1.255.255.137: udp 50
If I remove reassemble tcp It works fine.
I've tried also with a pass all rules...but with the same result. It's
possible that a scrub with reassemble tcp option, blocks some packet?
What is the reason for this?
It's a my misconfiguration or is a normal behaviuour?
Thanks in advance!
