On Thu, Aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote:
> On Thu, Aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote:
> > > Any help would be appreciated.
> >
> > Works for me on 5.1
> >
> > I don't think it's the rule but the combination of rules. Try reordering
> > your ruleset. I've had a problem before but I forget or never found the
> > specific reason.
>
> Okay, okay, I'm trying to get my head around this, but how do you
> explain that changing *only* the 'synproxy' word to 'keep' in the exact
> same rule makes it work again (not changing order, combination,
> nothing, but only changing synproxy state to the default keep state)?

There is definitely something wrong with pppoe + synproxy state:

# pfctl -sr
pass all flags S/SA
pass in on pppoe0 inet proto tcp from <src> to <dst> port = 5555 flags S/SA synproxy state

This is the only rule. Otherwise it's just 'pass all'. If I remove this
rule too *or* change synproxy to keep, the connection is working.

I can reproduce this on two different machines, with different ISPs and
different NICs facing the ISPs using pppoe.

Daniel

--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F

