I've added
set state-policy if-bound
in the config file and the problem persists.

Jura


On Thursday 16 March 2006 07:39, Yuriy N. Shkandybin wrote:
Hello

Since earlier 6.0 there is a problem with synproxy in the pf filter:
this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006

pf.conf just with single rule
pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state

result
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

and it hangs

pfctl -s rules -v
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick on lo0 proto tcp from any to any port = ssh flags S/SA synproxy state [ Evaluations: 966392 Packets: 0 Bytes: 0 States: 1 ]


pfctl -s state
No ALTQ support in kernel
ALTQ related functions disabled
self tcp 127.0.0.1:22 <- 127.0.0.1:44819       PROXY:DST

without synproxy all is ok

There is PR 86072 about that with unclear results.


Jura

Hi.

Do you have
"set state-policy if-bound"
in your options section of /etc/pf.conf? That's cleared up synproxy problems for me before.

hth,

jon b
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
