I know I'm doing something (semi) silly, but this might be considered a bug.
My mail server has both IPv6 and IPv4, and most everything is dual, except
for pop3. If I enable synproxy on that server, it seems to hang. I
believe what it does, is my client connects to PF, it does the
three-way-handshake, then PF tries to connect to the server. Normally this
would be good, except that pop3 isn't listening on the IPv6 address that the
hostname resolves to. (OpenBSD tries IPv6 first, then IPv4.)
Without synproxy, the client attempts to connect to the server, gets denied,
and fails-over to IPv4. With synproxy, it just stays on the IPv6 address,
but nothing is listening. Is this expected behaivor? Am I just being
silly?
# sudo pfctl -sr
pass in proto tcp all synproxy state
#
--
Nature is by and large to be found out of doors, a location where, it
cannot be argued, there are never enough comfortable chairs.
-- Fran Leibowitz
