Date: Thu, 16 Mar 2006 16:59:23 +0300
From: "Yuriy N. Shkandybin" <jura@networks.ru>
To: "jon butchar" <butchar.2@osu.edu>, <freebsd-stable@freebsd.org>
Subject: Re: pf: synproxy broken
Message-ID: <004b01c64901$d563a4b0$0701010a@notebook>
References: <000e01c648f6$a92bc310$0701010a@notebook> <200603160843.59902.butchar.2@osu.edu>

I've added set state-policy if-bound in the config file and the problem persists.

Jura

> On Thursday 16 March 2006 07:39, Yuriy N. Shkandybin wrote:
>> Hello
>>
>> from earlier 6.0 there is a problem with synproxy in the pf filter:
>> this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006
>>
>> pf.conf just with a single rule
>> pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state
>>
>> result
>> telnet 127.0.0.1 22
>> Trying 127.0.0.1...
>> Connected to 127.0.0.1.
>> Escape character is '^]'.
>>
>> and it hangs
>>
>> pfctl -s rules -v
>> No ALTQ support in kernel
>> ALTQ related functions disabled
>> pass in quick on lo0 proto tcp from any to any port = ssh flags S/SA synproxy state [ Evaluations: 966392 Packets: 0 Bytes: 0 States: 1 ]
>>
>>
>> pfctl -s state
>> No ALTQ support in kernel
>> ALTQ related functions disabled
>> self tcp 127.0.0.1:22 <- 127.0.0.1:44819 PROXY:DST
>>
>> without synproxy all is ok
>>
>> There is PR 86072 about that with unclear results.
>>
>>
>> Jura
>
> Hi.
>
> Do you have
> "set state-policy if-bound"
> in your options section of /etc/pf.conf? That's cleared up
> synproxy problems for me before.
>
> hth,
>
> jon b