Archive for the ‘Windows’ Category

FreeBSD + pf problem with window scaling

FreeBSD, Problems, Windows | Posted by epistasis
Sep 13 2009

I’ve been having problems for a while with window scaling on my network. I run a FreeBSD router utilising pf for NAT/firewall. Some computers (those with Vista, Windows 7, or recent Ubuntu releases installed) could not establish connections to Google and some other websites, and applications such as Windows Live (MSN) Messenger could not establish connections.

On Windows Vista and Windows 7, disabling window scaling (also called Receive Window Auto-Tuning) with the following command was a successful patch for the problem:

netsh interface tcp set global autotuninglevel=disabled

In Ubuntu the same patch was to modify /etc/sysctl.conf to disable window scaling. I added the following line:

net.ipv4.tcp_window_scaling: 0

This was only a temporary fix however as I did not want to have to disable the feature all the time.

To properly support TCP window scaling, pf must create a state on the initial SYN packet of connection.

If the state is created on a subsequent packet (like when the SYN is  accidentally passed without creating a state, and the state is created on the returning SYN+ACK), pf has missed the window scaling negotiation
containing the scaling factors, and will eventually stall connections. Each peer’s scaling factor is only seen in its SYN packet, and can’t be deduced later on.

Check your ruleset and verify that

a) there is a default block policy
b) all ‘pass’ rules applying to TCP have both ‘keep state’ and ‘flags S/SA’.

That was it! Vista, 7 and Ubuntu were happy again, with default settings so I was able to re-enable Windows auto-tuning by typing:

netsh interface tcp set global autotuninglevel=normal

and for Ubuntu, I was able to erase the line in /etc/sysctl.conf.

Finally…

Windows | Posted by epistasis
Aug 10 2009

Ok so I’ve just moved house and I’m currently settling into a new place…

This weekend I will be getting my hands on a ‘legit’ RTM version of Windows 7, so I’ll be evaluating that for a while now. Will probably give my opinion during next week.

Likely going to try and find myself a cheap, low-spec 64-bit machine so that I can try out sever 08 R2 on it..

Windows 7 </3 IE8

Windows 7 | Posted by epistasis
Mar 06 2009

Hmm, so Microsoft have confirmed that users of Windows 7 will be able to ‘turn on or off’ Internet Explorer. Or have they? Turning off IE8 in Windows 7 seemingly does what was already possible – that is, simply deletes the iexplore.exe file. This is hardly ‘disabling’ the browser, as many DLLs and other parts of the browser still remain, not to mention that Windows will probably ask you a thousand times if you’re sure you want to disable it.

I think it’s fairly safe to say that the only reason Microsoft are doing this is to appease Brussels. They’ve got the anti-trust case over including IE with Windows and this is a quickfix.. or should I say hotfix. Oh it makes sense now.. if it’s a hotfix.. it’s meant to be rubbish.

Anyway, I’m going to toddle off and find a copy of build 7048 now and check out the differences between it and the public beta (build 7000). Wish me luck 🙂

Windows 7 Beta

Windows 7 | Posted by epistasis
Jan 28 2009

I am currently evaluating the Windows 7 Beta. Please watch this space for my review on it!

Windows Server 2008 – Server Core

Windows Server 2008 | Posted by epistasis
Jan 28 2009

Ok, so I’m going to start tinkering about with server core… it looks good from what I’ve done on it so far, and I hope to post some information on how to get started with server core very soon.