Hi,

this rule doesn't redirect as expected, but sends a TCP RST with an incorrect checksum to the client:

rdr on $lanif inet6 proto tcp from port >= 1024 to port ftp -> ($lanif) port ftp-proxy

Neither does "rdr pass ..." work, nor does redirecting to (lo), to ::1, or to the globally scoped IPv6 address bound to $lanif. The redirected connection never hits userspace (verified with 'nc -6 -l').

pfctl -s states reports:
all tcp $lanif[8021] ($ftpserver[21]) <- $client[some high port] SYN_SENT:ESTABLISHED

sockstat -6 is confused:
?    ?    ?    ?    tcp6    $lanif:8021    $client:some_high_port

Same behaviour on 9.2-RELEASE i386 and 10.0-RELEASE amd64. The rule has worked for years with IPv4. Maybe related to kern/179392.

--Felix
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
