From: "Vlad GURDIGA"
To: freebsd-questions@freebsd.org
Date: Thu, 14 Jun 2007 23:36:40 +0300
Subject: pf(4) + fetch(1) + http://ftp.gnu.org

Hello,

There is one strange thing going on with this combination. I have seen this many times by now: when fetch(1) is trying to download something from http://ftp.gnu.org, it hangs after a very small amount of data, sometimes at 0%.

After disabling pf(4), fetch(1) does not hang any more, so I guess that the problem is somewhere in my pf.conf. Here it is:

---- pf.conf -- begin ---
ext_if = "em0"
icmp_types="echoreq"

# don't filter on the loopback interface
set skip on lo0
set block-policy return

scrub all no-df random-id reassemble tcp

# setup a default deny policy
block all

# activate spoofing protection for the internal interface.
antispoof quick for lo0 inet

# pass tcp, udp, and icmp out on the external (Internet) interface.
# keep state on udp and icmp and modulate state on tcp.
pass in on $ext_if proto tcp from any to $ext_if port 65522 keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state
---- pf.conf -- end ---

Any idea what's wrong here?