I tried to implement synproxy the other day and found that some of our clients couldn't connect to our http servers.


        pass in quick on $ext inet proto tcp \
        from any port $safe to $httpdservers port http \
        flags S/SA synproxy state

I'm including my http server rules just in case my problem is the has something to do with them.

        pass in quick on $ext inet proto tcp \
        from any port $safe to $httpdservers port http \
        flags S/SA keep state

        pass out quick on $ext inet proto tcp \
        from $httpdservers port http to any port $safe \
        flags S/SA keep  state


Do I need to change the flags and state declaration to something other than S/SA keep state, should it be SA/SA keep state?




Reply via email to