Posts Tagged ‘Windows’

FreeBSD + pf problem with window scaling

FreeBSD, Problems, Windows | Posted by epistasis
Sep 13 2009

I’ve been having problems for a while with window scaling on my network. I run a FreeBSD router utilising pf for NAT/firewall. Some computers (those with Vista, Windows 7, or recent Ubuntu releases installed) could not establish connections to Google and some other websites, and applications such as Windows Live (MSN) Messenger could not establish connections.

On Windows Vista and Windows 7, disabling window scaling (also called Receive Window Auto-Tuning) with the following command was a successful patch for the problem:

netsh interface tcp set global autotuninglevel=disabled

In Ubuntu the same patch was to modify /etc/sysctl.conf to disable window scaling. I added the following line:

net.ipv4.tcp_window_scaling = 0

This was only a temporary fix, however, as I did not want to have to disable the feature all the time.

To properly support TCP window scaling, pf must create a state on the initial SYN packet of a connection.

If the state is created on a subsequent packet (like when the SYN is accidentally passed without creating a state, and the state is created on the returning SYN+ACK), pf has missed the window scaling negotiation containing the scaling factors, and will eventually stall connections. Each peer’s scaling factor is only seen in its SYN packet, and can’t be deduced later on.

Check your ruleset and verify that

a) there is a default block policy
b) all ‘pass’ rules applying to TCP have both ‘keep state’ and ‘flags S/SA’.

That was it! Vista, 7 and Ubuntu were happy again with default settings, so I was able to re-enable Windows auto-tuning by typing:

netsh interface tcp set global autotuninglevel=normal

and for Ubuntu, I was able to erase the line in /etc/sysctl.conf.
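The ruleset check from this post (a default block policy, plus ‘keep state’ and ‘flags S/SA’ on every TCP ‘pass’ rule) can be automated. The following is an added example, not code from the original post: it assumes one rule per line, a pf version where both keywords must be written out explicitly, and a constructed sample ruleset with hypothetical `$ext_if`/`$int_if` macros.

```python
import re

# Constructed sample ruleset (not from the post); $ext_if/$int_if are hypothetical macros.
SAMPLE_RULES = """\
block all
pass out on $ext_if proto tcp all flags S/SA keep state
pass in on $int_if proto tcp from $int_if:network to any keep state
pass out on $ext_if proto tcp all flags S/SA
pass out on $ext_if proto { tcp, udp } all   # bare rule
pass out on $ext_if proto udp all keep state
"""

DEFAULT_BLOCK_RE = re.compile(r"block(\s+(drop|return|log))*\s+all")
PROTO_RE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")
# modulate/synproxy state also create the state on the SYN, so they are accepted too.
STATE_RE = re.compile(r"\b(keep|modulate|synproxy)\s+state\b")
FLAGS_RE = re.compile(r"\bflags\s+S/SA\b")


def applies_to_tcp(rule):
    """True if the rule can match TCP: 'proto tcp', a list containing tcp, or no proto clause."""
    m = PROTO_RE.search(rule)
    if m is None:
        return True
    return "tcp" in re.split(r"[\s,{}]+", m.group(1))


def audit(ruleset):
    """Return (has_default_block, findings); findings are (line_no, [missing keywords])."""
    has_default_block = False
    findings = []
    for line_no, raw in enumerate(ruleset.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()      # drop comments and padding
        if DEFAULT_BLOCK_RE.fullmatch(rule):
            has_default_block = True
        if not rule.startswith("pass") or not applies_to_tcp(rule):
            continue
        missing = []
        if not STATE_RE.search(rule):
            missing.append("keep state")
        if not FLAGS_RE.search(rule):
            missing.append("flags S/SA")
        if missing:
            findings.append((line_no, missing))
    return has_default_block, findings


if __name__ == "__main__":
    ok, problems = audit(SAMPLE_RULES)
    print("default block policy:", "present" if ok else "MISSING")
    for line_no, missing in problems:
        print(f"line {line_no}: TCP pass rule lacks {', '.join(missing)}")
```

Any line it reports is a rule that can let a SYN through without creating state, which is the condition that makes pf miss the window scaling negotiation.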

Windows Server 2003 Quick Launch Permission Errors

Problems | Posted by epistasis
May 17 2009

Problem: I’ve been trying to fix this for ages. Basically, when logged on as Administrator to my Windows 2003 Server box, using folder redirection (particularly for the Application Data folder, which is where the user’s quick launch is stored – App Data\Microsoft\Internet Explorer\Quick Launch), and redirecting over a share (even though the share is on the same server), clicking any quick launch items brings up an error saying “You may not have the appropriate permissions” etc.

Solution: After lots of googling I found the answer is to add the file server to the ‘Intranet’ zone under the Security tab of Internet Explorer. (i.e. add server or http://server). This will make the quick launch work again. If you want to reload the quick launch, go into task manager and kill explorer.exe, then start it up again.

Windows 7 </3 IE8

Windows 7 | Posted by epistasis
Mar 06 2009

Hmm, so Microsoft have confirmed that users of Windows 7 will be able to ‘turn on or off’ Internet Explorer. Or have they? Turning off IE8 in Windows 7 seemingly does what was already possible – that is, simply deletes the iexplore.exe file. This is hardly ‘disabling’ the browser, as many DLLs and other parts of the browser still remain, not to mention that Windows will probably ask you a thousand times if you’re sure you want to disable it.

I think it’s fairly safe to say that the only reason Microsoft are doing this is to appease Brussels. They’ve got the anti-trust case over including IE with Windows and this is a quickfix.. or should I say hotfix. Oh it makes sense now.. if it’s a hotfix.. it’s meant to be rubbish.

Anyway, I’m going to toddle off and find a copy of build 7048 now and check out the differences between it and the public beta (build 7000). Wish me luck 🙂

Windows 7 Beta

Windows 7 | Posted by epistasis
Jan 28 2009

I am currently evaluating the Windows 7 Beta. Please watch this space for my review on it!

Windows Server 2008 – Server Core

Windows Server 2008 | Posted by epistasis
Jan 28 2009

Ok, so I’m going to start tinkering about with server core… it looks good from what I’ve done on it so far, and I hope to post some information on how to get started with server core very soon.