Date: Wed, 9 Feb 2005 22:58:32 +0100 From: Andy Hilker <ah@crypta.net> To: freebsd-pf@freebsd.org Subject: Re: problems with synproxy on 5.3-stable Message-ID: <20050209215832.GA22874@mail.crypta.net> In-Reply-To: <200502091945.01577.max@love2party.net> References: <20050209131055.GA94001@mail.crypta.net> <200502091945.01577.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable You (Max Laier) wrote: > Not really, but tcpdump can help. Add log-all to the synproxy and try to= =20 > watch the connection in tcpdump on pflog0 with something like: > $tcpdump -n -e -ttt -i pflog0 rulenum <rule#> and host "testip" >=20 > You might also want to raise the debugging level with "$pfctl -x misc" an= d=20 > watch the console for BAD state messages. Ok, i modified my ruleset like this: [...] set loginterface $if_ext [...] pass in log quick on $if_ext proto tcp from any to <www_servers>= port =3D 80 flags S/SA synproxy state Then typed "pfctl -x loud" and "tcpdump -n -e -ttt -i pflog0". Output looks like without "pfctl -x loud". Where do i see debug output? > Keep us posted, thanks. Yes, sure. But before I call the person who has problems and let him try again, I have to be sure, to debug the right way. bye, Andy --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCCoeINdaVG+xuEHERAqoYAJ9+zw/rUSOTuPU3ID5UC+yrU/SV2ACggK9r 7xSDx6LccEaTLXUTGK3orTo= =th+X -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050209215832.GA22874>