FreeBSD 6.1-RC and pf dropping NAT packets to Windows 98 computers?
Scott Nolde
scott.nolde at gmail.com
Tue Apr 18 16:58:34 UTC 2006
Greetings,
I've recently upgraded my firewall from 5.4 to FreeBSD 6.1-RC #2: Wed
Apr 12 13:40:41 EDT 2006. I use pf as the packet filtering software and
it has worked well for my home network up until this point.
In my home network, I have a mixed environment of devices and operating
systems which includes a windows 98 host my wife uses. This windows 98
computer can no longer netsurf or check email through the new pf
firewall. I make no special allowances for hosts on this network, other
than it has a corresponding nat setup and a pass rule for the local lan
traffic. I believe the problem to be a scrub setting where "scrub in
all" isn't sufficient.
I can't get too technical, but when the win98 host begins an http
session or POP session (to an offsite server), the initial state is
created and some data is exchanged. However, the session doesn't
continue. For a web browser, little is seen other than the website's
header at the top of the browser. For a pop session the user/pass
exchange is made, but any download never completes.
I can use telnet and connect to the pop server and run simple checks
like top and stat and the single state connection works just fine.
Does anyone have any suggestions for a scrub rule to try which might
address and accept packets from the win98 host?
- smn
More information about the freebsd-pf
mailing list