Date: Thu, 14 Jun 2007 23:36:40 +0300 From: "Vlad GURDIGA" <gurdiga@gmail.com> To: freebsd-questions@freebsd.org Subject: pf(4) + fetch(1) + http://ftp.gnu.org Message-ID: <da7069940706141336y25371e4cq5769beb2fa5208e3@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, There is one strange thing going on with this combination. I saw this many times by now: when fetch(1) is trying to download something from http://ftp.gnu.org, it is hanging after a very small amount of data; sometimes on 0%. After disabling pf(4), fetch(1) is not hanging any more, so I guess that the problem is somewhere in my pf.conf. Here is it: ---- pf.conf -- begin --- ext_if = "em0" icmp_types="echoreq" # don't filter on the loopback interface set skip on lo0 set block-policy return scrub all no-df random-id reassemble tcp # setup a default deny policy block all # activate spoofing protection for the internal interface. antispoof quick for lo0 inet # pass tcp, udp, and icmp out on the external (Internet) interface. # keep state on udp and icmp and modulate state on tcp. pass in on $ext_if proto tcp from any to $ext_if port 65522 keep state pass in inet proto icmp all icmp-type $icmp_types keep state pass out on $ext_if proto tcp all modulate state flags S/SA pass out on $ext_if proto {udp, icmp} all keep state ---- pf.conf -- end --- Any idea what's wrong here?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?da7069940706141336y25371e4cq5769beb2fa5208e3>