[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] k_deftl 2.4.20-100 problems accessing IIS sites through OpenBSD 3.4 Beta firewall
SuSE clients running k_deftl kernel 2.4.20-100 have problems accessing some
Microsoft IIS web servers, if they are behind an OpenBSD 3.4 Beta firewall
with packet normalizations using the new "reassemble tcp" option in "scrub".
After reinstalling the default kernel for the 8.2 Pro from the DVD, the
problem goes away. Non-IIS sites does not have this problem.
Some more information about this option may be found (with URL broken in three
For your information, here is the e-mail I sent to the OpenBSD packet filter
mailing list :
Not sure if this should be reported as a bug or not, so please bear with me.
A "scrub on $ext_if reassemble tcp" will deny some SuSE clients access to some
Microsoft IIS webservers. This appears to be an issue with SuSE's latest
kernel (2.4.20-100) only.
I'm not sure it it's the IIS servers themselves or some other strange things
happening, but the following sites (using IIS, according to netcraft.com)
cannot be browsed :
While the following works
The Windows, Mac and OpenBSD clients behind the firewall can access those
sites just fine.
If I use "scrub on $ext_if", then there is no problems with SuSE clients.
I rebuilt kernel/userland yesterday using -current.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here