Date: Wed, 9 Feb 2005 22:58:32 +0100 From: Andy Hilker <ah@crypta.net> To: freebsd-pf@freebsd.org Subject: Re: problems with synproxy on 5.3-stable Message-ID: <20050209215832.GA22874@mail.crypta.net> In-Reply-To: <200502091945.01577.max@love2party.net> References: <20050209131055.GA94001@mail.crypta.net> <200502091945.01577.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] You (Max Laier) wrote: > Not really, but tcpdump can help. Add log-all to the synproxy and try to > watch the connection in tcpdump on pflog0 with something like: > $tcpdump -n -e -ttt -i pflog0 rulenum <rule#> and host "testip" > > You might also want to raise the debugging level with "$pfctl -x misc" and > watch the console for BAD state messages. Ok, i modified my ruleset like this: [...] set loginterface $if_ext [...] pass in log quick on $if_ext proto tcp from any to <www_servers> port = 80 flags S/SA synproxy state Then typed "pfctl -x loud" and "tcpdump -n -e -ttt -i pflog0". Output looks like without "pfctl -x loud". Where do i see debug output? > Keep us posted, thanks. Yes, sure. But before I call the person who has problems and let him try again, I have to be sure, to debug the right way. bye, Andy [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCCoeINdaVG+xuEHERAqoYAJ9+zw/rUSOTuPU3ID5UC+yrU/SV2ACggK9r 7xSDx6LccEaTLXUTGK3orTo= =th+X -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050209215832.GA22874>