On Fri, Jan 23, 2004 at 03:35:50PM -0700, duncan wrote:

> I tried to implement synproxy the other day and found that some of our 
> clients couldn't connect to our http servers.

The rule looks ok (including the flags); you'll need to provide more
information about how it is not working. Make sure you have 'log' on all
'block' and 'scrub' rules, enable debug logging (pfctl -xm), then
reproduce the problem. Do you get anything in pflog or
/var/log/messages?

Run tcpdump -nvvvpXi $ext_if and capture the handshake of one failed
connection and post it. If you see a complete handshake (SYN, SYN+ACK,
ACK) on the external interface, tcpdump on the internal interface as
well and repeat.

Daniel
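
The handshake check described in the reply above, as an added example that is not part of the original message: it reads saved tcpdump text and reports, per client, how far the SYN, SYN+ACK, ACK exchange got. It assumes the classic one-line tcpdump TCP summary format; the function name, addresses and capture lines are constructed for illustration.

```python
import re

# Classic one-line tcpdump TCP summary: "<src> > <dst>: <flags> ..."
# (assumed format; -X hex dump lines and anything else are skipped).
LINE = re.compile(r"(?P<src>\d+(?:\.\d+){4}) > (?P<dst>\d+(?:\.\d+){4}): "
                  r"(?P<flags>[SFPRWE.]+) (?P<rest>.*)")
STAGES = ["none", "syn", "syn+ack", "complete"]

def handshake_stages(lines, server):
    """Map each client "ip.port" to the furthest handshake stage seen.

    `server` is the "ip.port" endpoint exactly as tcpdump -n prints it.
    """
    stage = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        syn = "S" in flags
        has_ack = re.search(r"\back \d+", m["rest"]) is not None
        if dst == server and syn and not has_ack:
            stage.setdefault(src, 1)      # client SYN; a retransmit keeps the stage
        elif src == server and syn and has_ack and stage.get(dst) == 1:
            stage[dst] = 2                # SYN+ACK answering a SYN we saw
        elif (dst == server and has_ack and not syn
              and "R" not in flags and stage.get(src) == 2):
            stage[src] = 3                # final ACK from the client
    return {client: STAGES[s] for client, s in stage.items()}

# Constructed capture: one client completes, one keeps retransmitting its SYN.
SAMPLE = """\
15:35:50.100 198.51.100.7.51234 > 203.0.113.10.80: S 1000:1000(0) win 16384 <mss 1460>
15:35:50.101 203.0.113.10.80 > 198.51.100.7.51234: S 5000:5000(0) ack 1001 win 0 <mss 1460>
  0000: 4500 002c 0000 4000
15:35:50.150 198.51.100.7.51234 > 203.0.113.10.80: . ack 5001 win 16384
15:35:51.000 198.51.100.9.40000 > 203.0.113.10.80: S 7000:7000(0) win 65535 <mss 1460>
15:35:51.001 203.0.113.10.80 > 198.51.100.9.40000: S 9000:9000(0) ack 7001 win 0 <mss 1460>
15:35:54.000 198.51.100.9.40000 > 203.0.113.10.80: S 7000:7000(0) win 65535 <mss 1460>
""".splitlines()

if __name__ == "__main__":
    for client, s in handshake_stages(SAMPLE, "203.0.113.10.80").items():
        print(client, s)
```

A client stuck at "syn+ack" on the external interface is one whose final ACK never showed up there; a client at "complete" is the case where the reply says to repeat the capture on the internal interface.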
