Date: Sat, 21 Nov 2009 20:23:47 -0600
From: "David DeSimone" <fox@verio.net>
To: <freebsd-pf@freebsd.org>
Subject: Re: sending mail with attachments always fails (FreeBSD/pf)
Message-ID: <20091122022346.GK2392@verio.net>
In-Reply-To: <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com>
References: <6c51dbb10911210706g3490e463x7fdf3809243e30d2@mail.gmail.com> <4B082302.3040704@gmx.de> <6c51dbb10911211007x4ea07528y7642460629788903@mail.gmail.com> <1de79840911211023n165ecbd0h1051aaada4acefb@mail.gmail.com>

Michael Proto <mike@jellydonut.org> wrote:
>
> > rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset
> > 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 >
> > 209.85.129.111.465: tcp 28 [bad hdr length 0 - too short, < 20]
>
> This looks to be your problem-- bad hdr length 0.

This is caused when tcpdump has too small a snaplen; it is not seeing
enough of the packet from the pflog interface, so it reports incorrect
information at the end.  Try adding "-s 128" to collect a larger packet
and you should see the full description from tcpdump.

That said, the original problem seems like it could easily be caused by
a PF state mismatch resulting from asymmetric routing.  If packets come
in a different interface than they go out, or worse, if the return path
doesn't even go through the firewall, PF cannot see the reply traffic
allowing it to update its TCP window tracking.  As a result, short TCP
sessions, such as those that fit within the default TCP window, can work
okay, but longer sessions that go beyond that window will stall out and
fail.

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I liked it
   I'd eat it, and I just hate it."  -- Clarence Darrow

This email message is intended for the use of the person to whom it has
been sent, and may contain information that is confidential or legally
protected. If you are not the intended recipient or have received this
message in error, you are not authorized to copy, distribute, or
otherwise use this message or its attachments. Please notify the sender
immediately by return e-mail and permanently delete this message and any
attachments. Verio, Inc. makes no warranty that this email is error or
virus free. Thank you.
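
The stall described in the message above, as an added example that is not part of the original e-mail and is not PF's code: a simplified Python model of a stateful filter that can raise a sender's allowed sequence limit only from reply ACKs it actually sees. The 65535-byte default window, the MSS, the transfer sizes and all names are assumptions; sequence wraparound and window scaling are ignored.

```python
# Simplified model of stateful TCP window tracking; not PF's implementation.
DEFAULT_WINDOW = 65535  # assumed: window allowed before any reply is seen
MSS = 1460              # assumed segment size


class FlowState:
    """Firewall state for one client -> server TCP flow."""

    def __init__(self, client_isn, sees_replies):
        self.sees_replies = sees_replies
        # With no reply observed yet, only the default window can be assumed.
        self.seq_limit = client_isn + 1 + DEFAULT_WINDOW

    def outbound(self, seq, length):
        """Pass a client segment only if it ends inside the known window."""
        return seq + length <= self.seq_limit

    def reply_ack(self, ack, window):
        """A server ACK raises the limit, but only if it crosses the firewall."""
        if self.sees_replies:
            self.seq_limit = max(self.seq_limit, ack + window)


def transfer(total_bytes, sees_replies, client_isn=1000, server_window=65535):
    """Push total_bytes through the firewall; return how many got through."""
    fw = FlowState(client_isn, sees_replies)
    seq, sent = client_isn + 1, 0
    while sent < total_bytes:
        length = min(MSS, total_bytes - sent)
        if not fw.outbound(seq, length):
            break  # dropped; every retransmission hits the same limit (stall)
        seq += length
        sent += length
        fw.reply_ack(seq, server_window)  # the server ACKs on its return path
    return sent


if __name__ == "__main__":
    # Constructed sizes: a short message and a mail with an attachment.
    for size in (20_000, 500_000):
        for sees in (True, False):
            path = "symmetric" if sees else "asymmetric"
            print(f"{size:>7} bytes, {path:<10}: {transfer(size, sees)} delivered")
```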