From owner-freebsd-pf@FreeBSD.ORG Wed Feb 9 13:10:58 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 985BE16A4CE for ; Wed, 9 Feb 2005 13:10:58 +0000 (GMT) Received: from mail.crypta.net (mail.crypta.net [83.136.131.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0745543D1D for ; Wed, 9 Feb 2005 13:10:58 +0000 (GMT) (envelope-from ah@crypta.net) Received: by mail.crypta.net ([crypta.net] mailer, from userid 1001) id 899F2ECD406; Wed, 9 Feb 2005 14:10:56 +0100 (CET) Date: Wed, 9 Feb 2005 14:10:55 +0100 From: Andy Hilker To: freebsd-pf@freebsd.org Message-ID: <20050209131055.GA94001@mail.crypta.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-PGP-Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0xEC6E1071 X-PGP-Fingerprint: 9B2E 5892 AD93 D5C5 FB8E 3912 35D6 951B EC6E 1071 Organization: cryptobank - Andy Hilker Subject: problems with synproxy on 5.3-stable X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Feb 2005 13:10:58 -0000 Hi, i have migrated from ipfilter to pf and have problems with synproxy. First: many thanks for importing pf to freebsd :) pf protects only localhost with multiple IPs and jails. There is only 1 outside interface. When i use "keep state" everything works normally. If using synproxy a few people having problems accessing pop3 and http on my server. Requests are incomplete or corrupt (for example get requests in httpd-access.log). But it seems that this problem occurs only for a few people. Is there any way to "count" or monitor the activity of synproxy to see how much clients are blocked? Any ideas why synproxy does not work at this "few peoples"? Thanks in advance and best regards, Andy