Date: Tue, 24 Jun 2014 00:31:22 +0200 From: "Felix J. Ogris" <fjo-lists@ogris.de> To: freebsd-pf@freebsd.org Subject: rdr inet6 to local ftp-proxy sends tcp rst to client Message-ID: <53A8AABA.1050801@ogris.de>
next in thread | raw e-mail | index | archive | help
Hi, this rule doesn't redirect as expected, but sends tcp rst with incorrect checksum to the client: rdr on $lanif inet6 proto tcp from port >= 1024 to port ftp -> ($lanif) port ftp-proxy Neither does "rdr pass ..." nor if I redirect to (lo) or ::1 or to the globally scoped ipv6 address bound to $lanif. The redirected connection never hits the userspace (verified with 'nc -6 -l'). pfctl -s states reports: all tcp $lanif[8021] ($ftpserver[21]) <- $client[some high port] SYN_SENT:ESTABLISHED sockstat -6 is confused: ? ? ? ? tcp6 $lanif:8021 $client:some_high_port Same behaviour on 9.2-RELEASE i386 and 10.0-RELEASE amd64. Rule has worked for years with ipv4. Maybe related to kern/179392. --Felix
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53A8AABA.1050801>