Date: Fri, 15 Jun 2007 17:06:40 +0100 From: RW <fbsd06@mlists.homeunix.com> To: freebsd-questions@freebsd.org Subject: Re: pf(4) + fetch(1) + http://ftp.gnu.org Message-ID: <20070615170640.1ea15927@gumby.homeunix.com.> In-Reply-To: <da7069940706141336y25371e4cq5769beb2fa5208e3@mail.gmail.com> References: <da7069940706141336y25371e4cq5769beb2fa5208e3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 14 Jun 2007 23:36:40 +0300 "Vlad GURDIGA" <gurdiga@gmail.com> wrote: > Hello, > > There is one strange thing going on with this combination. I saw this > many times by now: when fetch(1) is trying to download something from > http://ftp.gnu.org, it is hanging after a very small amount of data; > sometimes on 0%. After disabling pf(4), fetch(1) is not hanging any > more, so I guess that the problem is somewhere in my pf.conf. Here is > ... > pass in inet proto icmp all icmp-type $icmp_types keep state > pass out on $ext_if proto tcp all modulate state flags S/SA Try replacing modulate with keep. I had a similar problem and that fixed it for me. I don't think that modulate gives you any benefit unless you have very old, unpatched OS's behind the firewall.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070615170640.1ea15927>