[opensource] Trouble loading OSU page in Linux

Seth Hall seth at net.ohio-state.edu
Sun Jul 29 20:01:40 EDT 2007


Heh, my stupid message to the list bounced.

It's pretty straight forward to get pf to handle window scaling  
correctly.  All you need to do is set 'flags S/SA keep state' on any  
rule that messes with TCP packets.  That will make pf catch the  
window scaling and pay attention to it when the time comes.

   .Seth


On Jul 29, 2007, at 7:58 PM, William R. Lorenz wrote:

> Hey Seth,
>
> Just out of curiosity, is there a solution to while using OpenBSD's  
> pf, or will you guys be using something in place of OpenBSD/pf,  
> instead?  I tried to Google for a pf window size fix but didn't see  
> anything immediately.
>
> I'm curious if there's a simple pf filter rules adjustment for this?
>
> On Sun, 29 Jul 2007, Seth Hall wrote:
>
>> The problem is primarily misconfigured firewalls.  The firewall  
>> that our group sells is based on OpenBSD and it uses pf which  
>> can't track the window size directly if it doesn't notice the  
>> window size that was set during the syn + syn/ack handshake.  We  
>> really need to check into all of the firewalls out there and get  
>> them reconfigured, but it's hard to find time sometimes.
>>
>> .Seth
>>
>>
>> On Jul 29, 2007, at 5:42 PM, William R. Lorenz wrote:
>>
>>> Hey Guys,
>>> See below for an older take on this direct from OIT, although the  
>>> note I have about it pertains to Vista, in particular.  Same  
>>> basics, though.
>>>
>>>   http://8help.osu.edu/3253.html
>>> On Sun, 29 Jul 2007, AP Fritts wrote:
>>> > I have the same problem sometimes...but with the registrar's  
>>> website.
>>> > > > > This should fix the problem, it is with 2.6.18+'s tcp  
>>> window > > > > scaling not interacting properly with the  
>>> sfa.osu.edu server or > > > > something in between.  Vista has  
>>> the same problem sometimes, it can > > > > be fixed by running  
>>> the following command as root:
>>> > > > > > > > > echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
>>> -- 
>>> William R. Lorenz
>>> _______________________________________________
>>> Opensource mailing list
>>> Opensource at cse.ohio-state.edu
>>> http://mail.cse.ohio-state.edu/mailman/listinfo/opensource
>>
>> ---
>> Seth Hall
>> Network Security - Office of the CIO
>> The Ohio State University
>> Phone: 614-292-9721
>>
>>
>>
>
> -- 
> William R. Lorenz



More information about the Opensource mailing list