> > rdr dc0 194.126.106.106/32 port 1723 -> 127.0.0.1 port 1723 proxy pptp
> >
> > pass in log first quick on dc0 proto tcp \
> > from any to 127.0.0.1/32 port = 1723 \
> > flags S keep state
> >
> > You're using the proxy in a way I doubt it has been written to work with :)
>
> I was sort of suspecting that :-)
>
> > If you do an "ipnat -l" and "ipfstat -sl", can you see NAT/state entries
> > that should match the 2nd packet above that gets blocked?
>
> ipnat -l shows the following:
>
> RDR 127.0.0.1 1723 <- -> 194.126.106.106 1723 [194.126.106.110 1814]
> proxy pptp/6 use 2 flags 0
> proto 6 flags 0 bytes 868 pkts 8 data YES size 316
>
> I think I should also see some 'proto 47' entries listed here?

Yes. Try running ipmon as "ipmon -a". I suspect it just disappears quicker than the state entry.

Darren
