Port-cobalt archive


pf MTU weirdness...



So I just switched to a dedicated DSL and got rid of the POTS line to save
money and in the process I re-did the firewall.

I had a clean NetBSD 4.0 Raq2 available so I used that and built a new
kernel for pf+ALTQ goodness.

Among other things I just ported my pf rules over to the new system from
an older (3.7 Sparc) OpenBSD box.  Everything works properly except that
it doesn't seem to be scrubbing packets where it did fine on the old box.

Relevant pf.conf lines:

scrub in all
scrub out on $ext_if fragment reassemble min-ttl 15 max-mss 1432

For instance I had to change the mtu on the webserver (0) before it would
properly display to the outside world due to the DSL fragmentation issue.
(Needing an mtu of 1432 or so instead of the regular 1500.)

How do I go about testing to confirm it's the firewall and not something
else?  I don't have PPPoE on my connection (thank $deity) so that
shouldn't be an issue.

Any ideas?
-- 
Mike
(0) Technically I had to use pf there too because ifconfig buggered me at
changing the MTU setting. (NetBSD 3.0 Sparc64)

If the universe is a giant stage production then it's Sweeney Todd and
we're all meat-pies.
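
Added example, not part of the original post: one way to check whether the `max-mss 1432` clamp from the scrub rule is being applied is to capture the same outbound SYN on the inside and outside interfaces and compare the TCP MSS option in each. The function names and the sample segments below are constructed for illustration; the input is assumed to be the raw TCP header bytes of each captured SYN.

```python
import struct

CLAMP = 1432  # max-mss value from the scrub rule quoted in the post

def is_syn(segment: bytes) -> bool:
    """True if the TCP flags byte has SYN set."""
    return len(segment) >= 14 and bool(segment[13] & 0x02)

def tcp_mss(segment: bytes):
    """Return the MSS option value of a TCP segment, or None if absent or malformed."""
    if len(segment) < 20:
        return None
    data_offset = (segment[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        return None                               # truncated capture or bad header
    opts, i = segment[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                             # end of option list
            break
        if kind == 1:                             # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None                           # malformed option length
        if kind == 2 and length == 4:             # MSS option
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def build_syn(mss: int) -> bytes:
    """Constructed sample: SYN with MSS, NOP, NOP, SACK-permitted options."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02, 65535, 0, 0) + opts

def check_clamp(inside: bytes, outside: bytes, clamp: int = CLAMP) -> str:
    """Compare the MSS seen before and after the firewall against the clamp."""
    before, after = tcp_mss(inside), tcp_mss(outside)
    if before is None or after is None or not (is_syn(inside) and is_syn(outside)):
        return "no-mss-option"
    if after > clamp:
        return "not-clamped"                      # firewall passed an MSS above the limit
    return "clamped" if before > clamp else "not-needed"

if __name__ == "__main__":
    print(check_clamp(build_syn(1460), build_syn(1432)))  # rewritten on the way out
    print(check_clamp(build_syn(1460), build_syn(1460)))  # passed through unchanged
```

A "not-clamped" result for a host still at the default MTU points at the scrub rule rather than at something upstream.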


