Hi!

I'm running OpenBSD 3.9 GENERIC as a NAT router.

If I add the "reassemble tcp" option to my scrub rule in pf.conf,
I have trouble connecting to some sites, particulary ebay (ebay.de,
ebay.at and ebay.com as well as e.g. kaufen.ebay.de) and
some other few sites, from a machine behind the NAT router.

Connects time out or have long delays if the site responds at all.
If connecting directly from OpenBSD, using lynx or squid running on
the router, there is no problem.

If I omit "reassemble tcp" everything works fine, i.e. with:
scrub all no-df fragment reassemble random-id

I've never noticed the problem before because I was running the
squid proxy on the router. Now I've moved it to a different machine
which is NATted too. Please note that it is not a squid issue
as timeouts occur regardless of proxy use if on a NATted machine.

Unfortunately I cannot determine why only some sites have troubles
and that's why I seeking advice here on howto further diagnose
the problem.

Any hints are appreciated!

Regards,
Walter