Date:      Tue, 04 Nov 2008 11:23:08 +0100
From:      Matthias Kellermann <mk@adminlife.net>
To:        Jeremy Chadwick <koitsu@FreeBSD.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: rdr rule does not work (bad hdr length)
Message-ID:  <4910228C.3020400@adminlife.net>
In-Reply-To: <20081104095748.GA44045@icarus.home.lan>
References:  <491012AE.7000409@adminlife.net> <20081104093800.GA43676@icarus.home.lan> <49101B48.2060704@adminlife.net> <20081104095748.GA44045@icarus.home.lan>

Jeremy Chadwick wrote:
> Try changing "synproxy state" to "keep state", and see if you have the
> same problem.  Note that you may need to reset your state table after
> changing this rule (see pfctl -k).

Ok, I tried that. Here is the result:

# tcpdump -s 256 -netttvvi pflog0
000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 35529,
offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.38439 >
192.168.0.10.23: S, cksum 0x5fae (correct), 3300997001:3300997001(0) win
5840 <mss 1460,sackOK,timestamp 2866496 0,nop,wscale 6>
2. 998190 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 35530,
offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.38439 >
192.168.0.10.23: S, cksum 0x5cc0 (correct), 3300997001:3300997001(0) win
5840 <mss 1460,sackOK,timestamp 2867246 0,nop,wscale 6>
6. 000214 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 35531,
offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.38439 >
192.168.0.10.23: S, cksum 0x56e4 (correct), 3300997001:3300997001(0) win
5840 <mss 1460,sackOK,timestamp 2868746 0,nop,wscale 6>
12. 000425 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id
35532, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.51.38439 > 192.168.0.10.23: S, cksum 0x4b2c (correct),
3300997001:3300997001(0) win 5840 <mss 1460,sackOK,timestamp 2871746
0,nop,wscale 6

If I stop the connection attempts from the client, the tcpdump output
stops too.

Regards,
Matthias
