10 2:01 PM, Justin wrote:
Ahh. That explains it then. I was operating under the assumption
that the machine doing the synproxy would forge the reply such that
the TARGET host would reply to the synproxy box, not its default gateway.
As in 1.2.3.4 request to client 5.5.5.5 via -> 2.3.4.5, f
e?
On 7/28/2010 1:22 PM, Daniel Hartmeier wrote:
On Wed, Jul 28, 2010 at 01:04:42PM -0700, Justin wrote:
Logged to files and dumped;
Outside:
19:58:09.571810 IP (tos 0x0, ttl 118, id 12726, offset 0, flags [DF],
proto TCP
(6), length 52)
REMOTE_CLIENT.56270> TARGET_HOST.80: Flags [S],
12a8 creatorid: e7945cd2
Never gets beyond that.
On 7/28/2010 12:06 AM, Daniel Hartmeier wrote:
On Tue, Jul 27, 2010 at 07:24:56PM -0700, Justin wrote:
- tcpdumps showing the initial connect attempt (logs below were
further along the process);
external:
02:21:25.595977 IP (tos
s 0x0, ttl 118, id 22017, offset 0, flags [DF],
proto TCP
(6), length 40)
On 7/27/2010 6:51 PM, Justin wrote:
Hello Daniel,
Didn't get any sort of information from pfctl -x misc. Here's the
output from the commands you suggested;
(3 SSH connections to run/log the tcpdump and
Hartmeier wrote:
On Mon, Jul 26, 2010 at 05:26:21AM -0700, Justin wrote:
When using synproxy state - the connection never completes. If we change
synproxy to keep, everything works fine. Alternately, if the service in
question is running locally on the actual firewall itself, I'll see
state
... it's not an if_bridge, thanks.
On 7/26/2010 7:05 AM, Denny Lin wrote:
On Mon, Jul 26, 2010 at 05:26:21AM -0700, Justin wrote:
Hello all - I've tried searching the list but it seems something is
broken and I'm getting 500 errors. Alas,
Is there something uni
d and there appears to be no change.
Is this a bug? Have I missed something totally obvious?
-Justin
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
uick on rl0 proto tcp from to rl0 port 25
block in quick on rl0 proto tcp from to rl0 port 25
block in quick on rl0 proto tcp from to rl0 port 25
pass in on rl0 proto tcp from any to rl0 port 25
pass in on rl0 proto tcp from any to rl0 port 110
pass in on