On Thursday 16 March 2006 07:39, Yuriy N. Shkandybin wrote:
> Hello
>
> from earlier 6.0 there is problem with synproxy in pf filter:
> this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006
>
> pf.conf just with single rule
> pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state
>
> result
> telnet 127.0.0.1 22
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
>
> and it hangs
>
> pfctl -s rules -v
> No ALTQ support in kernel
> ALTQ related functions disabled
> pass in quick on lo0 proto tcp from any to any port = ssh flags S/SA synproxy state
> [ Evaluations: 966392 Packets: 0 Bytes: 0 States: 1 ]
>
>
> pfctl -s state
> No ALTQ support in kernel
> ALTQ related functions disabled
> self tcp 127.0.0.1:22 <- 127.0.0.1:44819 PROXY:DST
>
> without synproxy all is ok
>
> There is PR 86072 about that with unclear results.
>
>
> Jura

Hi.

Do you have "set state-policy if-bound" in your options section of /etc/pf.conf? That's cleared up synproxy problems for me before.

hth,
jon b