
questions



Hi all,

I have a problem here. I have set up one firewall box running on the i386 platform and OpenBSD 3.1. This firewall is running in bridging mode. There is a web server running behind the firewall, and it is on Linux 6.x. The firewall rules only pass in from any to the web server and pass out everything from internal to any.

pf.conf

# $IFC1 and $web are macros defined earlier in the file (their definitions are not shown in the post).
# Pass client connections to port 80 on the web server in on $IFC1; modulate state keeps state
# and also randomises the initial sequence number.
pass in quick on $IFC1 inet proto tcp from any to $web port = 80 flags S/SA modulate state
# Pass all TCP and UDP out on $IFC1, keeping state.
pass out quick on $IFC1 inet proto { tcp, udp } from any to any keep state
# Block and log everything else coming in on $IFC1.
block in log on $IFC1 all

The problem is that when I activate these rules, users from the internet can't browse the web. When I run tcpdump, this is the output:

10:40:17.338106 x.x.x.x.www > 210.187.234.13.1203: S 2021630699:2021630699(0) ack 4955287 win 32696 <mss 536,nop,nop,sackOK> (DF)
10:40:17.572122 x.x.x.x.www > 192.228.177.111.2887: S 2030684938:2030684938(0) ack 482357681 win 32120 <mss 1460> (DF)
10:40:17.632436 x.x.x.x.www > 192.228.177.111.2887: S 2030684938:2030684938(0) ack 482357681 win 32120 <mss 1460> (DF)
10:40:17.882561 x.x.x.x.www > 202.71.96.40.28725: S 3055158477:3055158477(0) ack 2025042985 win 7300 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF)
10:40:17.964319 x.x.x.x.www > 202.71.96.40.28660: S 2411990167:2411990167(0) ack 2008347195 win 32120 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF)
10:40:18.075660 x.x.x.x.www > 202.184.24.91.49470: S 2025574058:2025574058(0) ack 2482522188 win 32120 <mss 1460,nop,wscale 0> (DF)

I suspect the firewall blocks the packet because it is too big and not fragmented.

Any idea to solve this problem?

thanks
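The tcpdump excerpt above contains only SYN/ACK segments leaving the web server, one of them sent twice with the same sequence number. A quick way to see whether those handshakes ever complete is to group the capture by connection and check, for each one, whether the client's third-step ACK (acknowledging the SYN/ACK sequence number plus one) is ever seen. The script below is an added example written for this page, not code from the poster; it parses the old tcpdump 3.x TCP line format shown in the post. The six server-side lines are taken from the excerpt; the three lines for client 198.51.100.7 are constructed to show what a completed handshake looks like in the same format.

```python
"""Classify TCP handshakes in old-style (tcpdump 3.x) output as complete or half-open.

A firewall that passes the client's SYN but drops the reply in one direction
shows up as SYN/ACK segments that are repeated and never answered by the
client's bare ACK. Added example, not from the original post.
"""
import re

# tcpdump 3.x TCP line: TIME SRC.PORT > DST.PORT: FLAGS [SEQ:END(LEN)] [ack N] win N [<opts>] [(DF)]
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFPR.]+)"
    r"(?:\s+(?P<seq>\d+):\d+\((?P<len>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"\s+win\s+(?P<win>\d+)"
)

# Six lines from the post (server is x.x.x.x) plus a constructed complete
# handshake from client 198.51.100.7 for contrast.
SAMPLE_LINES = [
    "10:40:17.338106 x.x.x.x.www > 210.187.234.13.1203: S 2021630699:2021630699(0) ack 4955287 win 32696 <mss 536,nop,nop,sackOK> (DF)",
    "10:40:17.572122 x.x.x.x.www > 192.228.177.111.2887: S 2030684938:2030684938(0) ack 482357681 win 32120 <mss 1460> (DF)",
    "10:40:17.632436 x.x.x.x.www > 192.228.177.111.2887: S 2030684938:2030684938(0) ack 482357681 win 32120 <mss 1460> (DF)",
    "10:40:17.882561 x.x.x.x.www > 202.71.96.40.28725: S 3055158477:3055158477(0) ack 2025042985 win 7300 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF)",
    "10:40:17.964319 x.x.x.x.www > 202.71.96.40.28660: S 2411990167:2411990167(0) ack 2008347195 win 32120 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF)",
    "10:40:18.075660 x.x.x.x.www > 202.184.24.91.49470: S 2025574058:2025574058(0) ack 2482522188 win 32120 <mss 1460,nop,wscale 0> (DF)",
    # constructed: a handshake that completes normally
    "10:40:20.000000 198.51.100.7.3344 > x.x.x.x.www: S 100:100(0) win 65535 <mss 1460> (DF)",
    "10:40:20.000500 x.x.x.x.www > 198.51.100.7.3344: S 5000:5000(0) ack 101 win 32120 <mss 1460> (DF)",
    "10:40:20.001000 198.51.100.7.3344 > x.x.x.x.www: . ack 5001 win 65535 (DF)",
]


def parse_line(line):
    """Return the segment's fields as a dict, or None for a line that is not a TCP line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    seg = m.groupdict()
    for k in ("seq", "ack", "len", "win"):
        seg[k] = int(seg[k]) if seg[k] is not None else None
    return seg


def classify_handshakes(lines):
    """Group segments by (client, cport, server, sport) and classify each handshake.

    Returns {key: {"state", "synack_count", "duplicate_synacks"}} where state is
    'complete' (client ACK of the SYN/ACK seen), 'half_open' (SYN/ACK seen, no
    matching client ACK) or 'syn_only' (client SYN seen, no SYN/ACK).
    duplicate_synacks counts SYN/ACKs repeated with an identical sequence number,
    which is how a retransmission or the same packet captured twice shows up.
    """
    flows = {}

    def flow(key):
        return flows.setdefault(key, {"syn": 0, "synack_seqs": [], "acked": False})

    for line in lines:
        seg = parse_line(line)
        if seg is None:
            continue
        flags = seg["flags"]
        if "S" in flags and seg["ack"] is None:          # client SYN
            flow((seg["src"], seg["sport"], seg["dst"], seg["dport"]))["syn"] += 1
        elif "S" in flags:                               # server SYN/ACK
            key = (seg["dst"], seg["dport"], seg["src"], seg["sport"])
            flow(key)["synack_seqs"].append(seg["seq"])
        elif flags == "." and seg["ack"] is not None:     # bare ACK, possibly step three
            key = (seg["src"], seg["sport"], seg["dst"], seg["dport"])
            f = flows.get(key)
            # The handshake's third segment acknowledges the SYN/ACK seq + 1.
            if f and f["synack_seqs"] and seg["ack"] == f["synack_seqs"][-1] + 1:
                f["acked"] = True

    result = {}
    for key, f in flows.items():
        if f["synack_seqs"] and f["acked"]:
            state = "complete"
        elif f["synack_seqs"]:
            state = "half_open"
        else:
            state = "syn_only"
        result[key] = {
            "state": state,
            "synack_count": len(f["synack_seqs"]),
            "duplicate_synacks": len(f["synack_seqs"]) - len(set(f["synack_seqs"])),
        }
    return result


if __name__ == "__main__":
    for key, info in sorted(classify_handshakes(SAMPLE_LINES).items()):
        client, cport, server, sport = key
        print(f"{client}:{cport} -> {server}:{sport}  {info['state']}  "
              f"syn/acks={info['synack_count']} dup={info['duplicate_synacks']}")
```

Run it against a capture taken with the same tcpdump format (`tcpdump -n` on the bridge member interfaces or on pflog0); every connection reported as half_open is one where the server answered but the client's ACK never arrived at that capture point, which narrows the question to what happens to the reply between the server and the client. A non-zero duplicate count on one interface is worth comparing with a capture on the other bridge interface before reading it as a retransmission.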