On May 20, 2005, at 2:47 AM, Adam Papai wrote:
Regards.
I have a problem with pf synproxy.
I set up:
pass in on fxp0 proto tcp from any to $server_ip port www flags S/SA synproxy state
pfctl -f /etc/pf.conf
After this, when I want to connect to my webserver I get this for: pfctl -s a | grep self
self tcp server-ip:80 <- my-ip:43264 PROXY:DST
self tcp server-ip:80 <- my-ip:56885 PROXY:DST
And it doesn't want to connect. Only "Loading page.."
Release OpenBSD 3.6.
Any suggestion? In my 3.5 box it's working.
Check to make sure that you're allowing the same outbound connection from the firewall on $int_if to your server. I just tested it on 3.6-release and it works fine (fxp1=$ext_if).
# tcpdump -nettti pflog0 port 22
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0
May 20 01:48:59.837676 rule 8/0(match): pass in on fxp1: 192.168.0.14.55646 > 10.0.0.101.22: S 4247019277:4247019277(0) win 65535 <mss 1460,nop,wscale 0,[|tcp]>
May 20 01:48:59.837809 rule 9/0(match): pass out on fxp0: 192.168.0.14.55646 > 10.0.0.101.22: S 4247019277:4247019277(0) win 65535 <mss 1460,nop,wscale 0,[|tcp]>
# pfctl -ss | grep self
self tcp 10.0.0.101:22 <- 192.168.0.31:22 <- 192.168.0.14:55646 ESTABLISHED:ESTABLISHED
self tcp 192.168.0.14:55646 -> 10.0.0.101:22 ESTABLISHED:ESTABLISHED
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
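The check discussed in this thread, as an added example that is not part of either message: it parses `pfctl -ss` lines in the format quoted above, lists inbound states still in a `PROXY:*` phase, and reports whether a matching outbound state exists for the same client/server pair, as it does in the working output in the reply. The sample addresses and the names `parse_states` and `stalled_synproxy` are constructed for illustration.

```python
from collections import namedtuple

State = namedtuple("State", "iface proto src dst direction state")

# Constructed sample in the `pfctl -ss` format quoted in the thread.
SAMPLE = """\
self tcp 10.0.0.80:80 <- 192.168.0.14:43264       PROXY:DST
self tcp 10.0.0.80:80 <- 192.168.0.14:56885       PROXY:DST
self tcp 10.0.0.101:22 <- 192.168.0.31:22 <- 192.168.0.14:55646       ESTABLISHED:ESTABLISHED
self tcp 192.168.0.14:55646 -> 10.0.0.101:22       ESTABLISHED:ESTABLISHED
"""

def parse_states(text):
    """Parse `pfctl -ss` lines into State tuples; skip lines that do not fit."""
    states = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[3] not in ("<-", "->"):
            continue
        # Endpoints are everything between the protocol and the state field.
        ends = [t for t in tok[2:-1] if t not in ("<-", "->")]
        if tok[3] == "<-":            # inbound: local side is printed first
            src, dst, direction = ends[-1], ends[0], "in"
        else:                         # outbound: source is printed first
            src, dst, direction = ends[0], ends[-1], "out"
        states.append(State(tok[0], tok[1], src, dst, direction, tok[-1]))
    return states

def stalled_synproxy(text):
    """Return (state, has_outbound) for inbound states still in a PROXY:* phase.

    has_outbound is True when an outbound state exists for the same
    client/server pair, as in the working output shown in the reply.
    """
    states = parse_states(text)
    outbound = {(s.src, s.dst) for s in states if s.direction == "out"}
    return [(s, (s.src, s.dst) in outbound)
            for s in states
            if s.direction == "in" and s.state.startswith("PROXY:")]

if __name__ == "__main__":
    for s, has_out in stalled_synproxy(SAMPLE):
        print(f"{s.src} -> {s.dst} {s.state} outbound_state={has_out}")
```

Feed it the real output with `pfctl -ss | python3 script.py` after replacing `SAMPLE` with `sys.stdin.read()`.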

