Thank you Matt and Jeff, you are right.
Now:
# tcpdump tcp port www
14:15:07.899030 167.189.45.0.15724 > XXX.XXX.X.XXX.www: S 1731350873:1731350873(0) win 16384
14:15:07.899132 23.138.127.48.17439 > XXX.XXX.X.XXX.www: S 1731350793:1731350793(0)
The scrubbing process will cause PF to drop any incoming packets with illegal TCP flag combinations (such as SYN+FIN). It happens before pass and block.
Define a filter to drop the packets with SYN+FIN flags set.
Mihai
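The flag-combination check described above, as an added example that is not code from this thread or from pf: a small Python script that parses classic tcpdump lines in the format quoted above (with or without the `>` arrow, which HTML extraction tends to strip), folds a trailing `ack N` into the flag set, and applies pf's `flags set/mask` semantics to find SYN+FIN packets and count bare SYNs per source. The sample capture lines are constructed (the first two copy the quoted format); `parse_line`, `pf_flags_match` and `analyze` are names chosen for this illustration, not tcpdump or pf functions.

```python
#!/usr/bin/env python3
"""Added example, not code from the original thread: parse classic tcpdump TCP
lines like the ones quoted above and apply pf's `flags set/mask` test to them,
so the SYN+FIN packets that scrub silently drops can be seen in a capture.
Sample lines are constructed; the XXX placeholders follow the page."""
from __future__ import annotations

import re
from collections import Counter

# Classic tcpdump output: time src.port > dst.port: FLAGS seq:seq(len) win N [ack N]
# The '>' arrow is optional because HTML extraction often strips it.
_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+>?\s*(?P<dst>[^\s:]+):\s+"
    r"(?P<flags>[SFRPUEW.]+)"
)

# Constructed sample capture (not from the page). The first two mirror the
# quoted format; the remaining lines are invented to exercise other flag mixes.
SAMPLE_LINES = [
    "14:15:07.899030 167.189.45.0.15724 XXX.XXX.X.XXX.www: S 1731350873:1731350873(0) win 16384",
    "14:15:07.899132 23.138.127.48.17439 > XXX.XXX.X.XXX.www: S 1731350793:1731350793(0) win 16384",
    "14:15:07.899201 23.138.127.48.17440 > XXX.XXX.X.XXX.www: SF 1731350799:1731350799(0) win 16384",
    "14:15:07.899310 10.0.0.9.40001 > XXX.XXX.X.XXX.www: F 10:10(0) ack 1 win 16384",
    "14:15:07.899400 10.0.0.9.40001 > XXX.XXX.X.XXX.www: . ack 2 win 16384",
    "this line is not a tcp packet",
]


def split_host_port(addr: str) -> tuple[str, str]:
    """'1.2.3.4.80' -> ('1.2.3.4', '80'); tcpdump joins host and port with '.'."""
    host, _, port = addr.rpartition(".")
    return host, port


def parse_line(line: str) -> dict | None:
    """Return timestamp, src/dst host and port and a TCP flag string, or None
    if the line is not a classic-format TCP line. tcpdump shows ACK only as a
    trailing 'ack N', so it is folded into the flag string as 'A'."""
    m = _LINE.match(line)
    if not m:
        return None
    flags = m["flags"].replace(".", "")  # '.' means none of S/F/R/P is set
    if re.search(r"\back \d+", line):
        flags += "A"
    src_host, src_port = split_host_port(m["src"])
    dst_host, dst_port = split_host_port(m["dst"])
    return {"ts": m["ts"], "src": src_host, "sport": src_port,
            "dst": dst_host, "dport": dst_port, "flags": flags}


def pf_flags_match(pkt_flags: str, spec: str) -> bool:
    """pf.conf(5) `flags <set>/<mask>`: of the bits named in <mask>, exactly
    those named in <set> must be on; bits outside <mask> are ignored.
    'FS/FS' is SYN+FIN; 'S/SA' is a bare SYN (SYN on, ACK off)."""
    want, mask = spec.split("/")
    return all((f in pkt_flags) == (f in want) for f in mask)


def analyze(lines: list[str]) -> dict:
    """Count bare SYNs per source and list every SYN+FIN packet (the illegal
    combination scrub drops before the pass/block rules are evaluated)."""
    syn_by_src: Counter = Counter()
    illegal = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pf_flags_match(pkt["flags"], "FS/FS"):
            illegal.append((pkt["ts"], pkt["src"], pkt["sport"]))
        elif pf_flags_match(pkt["flags"], "S/SA"):
            syn_by_src[pkt["src"]] += 1
    return {"syn_by_src": syn_by_src, "illegal": illegal}


if __name__ == "__main__":
    report = analyze(SAMPLE_LINES)
    for ts, src, sport in report["illegal"]:
        print(f"{ts} SYN+FIN from {src}:{sport}")
    for src, n in report["syn_by_src"].most_common():
        print(f"{n:4d} bare SYN(s) from {src}")
```

Feed it the output of `tcpdump -n tcp port www` on a pre-2000s-style tcpdump; newer releases print flags as `Flags [S]`, `[S.]`, `[F.]`, which this parser does not handle. A pf rule matching exactly the packets `pf_flags_match(..., "FS/FS")` reports is `block in quick on $ext_if proto tcp flags FS/FS`; with `scrub in` active such packets never reach that rule, so the count you see in the capture is the count scrub is already discarding.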
jeff wrote:
Sean Knox wrote:
tcpdump logs and pf.conf snipped
The only
# tcpdump tcp port www
12:23:56.149316 44.199.41.224.57807 > XXX.XXX.X.XXX.www: S 1731400694:1731400694(0) win 16384
12:23:56.149422 189.51.106.160.64931 > XXX.XXX.X.XXX.www: S 1731400698:1731400698(0) win 16384
12:23:56.149541
Sorry to reply late, my English is poor.
No problem with this:
net.inet.ip.forwarding=1
# pfctl -e

# pfctl -v -sr today
scrub in all fragment reassemble
# /etc/pf.conf
ext_if="fxp0"
int_if="rl0"
web_server="192.168.0.1"
pcanywhere_port="5631"
sql="1433"
#table <spamd> persist
#table <spamd-white> persist
scrub in
rdr pass on $ext_if proto tcp from any to port www -> $web_server
5 matches