A friend of mine has a nice MythTV box on his bedroom. Suddently the box decided to not open outgoing connections anymore… I say outgoing because I could still connect to it from my home.
I could not find out what was last changed, maybe an aptitude upgrade or did he change ISP?
After some time looking around the only thing I could find out was a small difference between a SYN packet send from a remote place and the SYN packets send by the broken system:
22:56:47.855219 IP Banner.local.33509 > google.es.www: S 206185417:206185417(0) win 5840 <mss 1460,sackOK,timestamp 218414628 0,nop,wscale 5> 23:24:16.072713 IP golfos.net.42742 > Banner.local.ssh: S 1705835822:1705835822(0) win 5840 <mss 1460,sackOK,timestamp 5636642 0,nop,wscale 4>
You see, his box was sending wscale 5 and remote sites sent wscale 4, google, google, more google until I read this:
I think OpenBSD’s claim (they did have the bug and probably still do for all that I know) was that they wanted to make their firewalling “stateless” source.
Maybe the router does not know what wscale means? I disabled the router’s firewall completelly (I was sure I already did this…) and suddently everything worked fine…
Sure, I have to read more about windows scaling and try to understand what is wrong with the router’s firewall but for now: things work.