Date: Thu, 25 Aug 2016 19:43:12 +1000 From: Carl Hattingh <carl.hattingh@gmail.com> To: freebsd-net@freebsd.org Subject: Re: Cannot access a couple websites Message-ID: <CAEOGyNuu4O8j%2BE7cAqhPrxcV9ks8ZbVsoS=m51S5kej%2B1YrpNA@mail.gmail.com> In-Reply-To: <58CC8163-E6AD-4657-9E34-0D0EB2135FEC@FreeBSD.org> References: <CAEOGyNubamkqoA%2BeF3hkq6RMKZ0Cbk0LCChwyjGs4D16YXdJkg@mail.gmail.com> <58CC8163-E6AD-4657-9E34-0D0EB2135FEC@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 25, 2016 at 7:10 PM, Kristof Provost wrote: > On 24 Aug 2016, at 16:02, Carl Hattingh wrote: > >> We are experiencing a issue which has me rather stumped. We are using >> Freebsd 10.3-RELEASE-p7 under Hyper-V 2012 R2 as a firewall (pf), and ar= e >> unable to browse to www.amazon.com and outlook.office365.com under >> certain >> circumstances. >> >> <snip> > >> >> Has anyone got any ideas on what this could be? We'd be grateful for an= y >> assistance. >> >> You=E2=80=99re going to have to make a network capture between the gatew= ay and > the NTU device. > Ideally not from the gateway itself (because that might hide checksum > issues). > > Regards, > Kristof > Thanks for the replies. I finally managed to track down the issue, and it was scrub after all. I had "scrub all no-df reassemble tcp" and it was the "reassemble tcp" command that was causing the issue. I have now changed it to "scrub all no-df random-id". I had tested completely commenting out the scrub command earlier to no avail, but clearly wasn't thorough enough in killing states between tests.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEOGyNuu4O8j%2BE7cAqhPrxcV9ks8ZbVsoS=m51S5kej%2B1YrpNA>