Hi!
I'm using 5.1-stable on two machines with pppoe connections. The pf synproxy state option doesn't work on pppoe interfaces, it just sends back a TCP reset when trying to connect to a port configured with synproxy state. Meanwhile it works on any other interface (eg. the internal LAN interface). This rule works: pass in quick on vge0 inet proto tcp from any to vge0 port 5555 synproxy state This rule doesn't work: pass in quick on pppoe0 inet proto tcp from any to pppoe0 port 5555 synproxy state I'm testing with simple `nc -l 5555` listens and `nc <dst> 5555` connections. When connecting to the pppoe interface this is happening: Aug 16 12:08:55.383308 <client>.5451 > <host>.5555: S 1485898386:1485898386(0) win 16384 <mss 1452,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1254725494 0> (DF) Aug 16 12:08:55.383384 <host>.5555 > <client>.5451: S 639112012:639112012(0) ack 1485898387 win 0 <mss 1452> (DF) [tos 0x10] Aug 16 12:08:55.397346 <client>.5451 > <host>.5555: . ack 1 win 16384 (DF) Aug 16 12:08:55.397368 <host>.5555 > <client>.5451: R 3655855284:3655855284(0) ack 752585916 win 0 (DF) [tos 0x10] When connecting to a "real" interface (in this case vge0) eg. on a LAN, synproxy state works. Now I don't know since when this isn't working because I'm only using pppoe since 5.1. Any help would be appreciated. Thanks, Daniel -- LÉVAI Dániel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
