From owner-freebsd-pf@FreeBSD.ORG Thu Jun 16 20:14:52 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 014BD16A41C for ; Thu, 16 Jun 2005 20:14:52 +0000 (GMT) (envelope-from ah@crypta.net) Received: from mail.crypta.net (mail.crypta.net [83.136.131.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id B87FE43D53 for ; Thu, 16 Jun 2005 20:14:51 +0000 (GMT) (envelope-from ah@crypta.net) Received: by mail.crypta.net (cryptobank/eProtect-smtpd, from userid 1001) id 04B3AECD414; Thu, 16 Jun 2005 22:14:49 +0200 (CEST) Date: Thu, 16 Jun 2005 22:14:48 +0200 From: Andy Hilker To: jon@abccomm.com Message-ID: <20050616201448.GB1149@mail.crypta.net> References: <20050616191047.GA98176@mail.crypta.net> <8eea0408050616123835594e12@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8eea0408050616123835594e12@mail.gmail.com> User-Agent: Mutt/1.4.2.1i X-PGP-Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0xEC6E1071 X-PGP-Fingerprint: 9B2E 5892 AD93 D5C5 FB8E 3912 35D6 951B EC6E 1071 Organization: cryptobank - Andy Hilker Cc: freebsd-pf@freebsd.org Subject: Re: synproxy and states X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2005 20:14:52 -0000 Hi, You (Jon Simola) wrote: > If that's a bridge config, synproxy will not work. It's not possible > to tell from the documentation you provided. No, it is the pf box is acting as gateway. But the reply packet from webserver is dropped at the dmz interface. If I allow this reply explicitly, synproxy works. Obviously I have a problem with state table entries. bye, Andy