problems with synproxy on 5.3-stable
Andy Hilker
ah at crypta.net
Wed Feb 9 13:58:38 PST 2005
You (Max Laier) wrote:
> Not really, but tcpdump can help. Add log-all to the synproxy and try to
> watch the connection in tcpdump on pflog0 with something like:
> $tcpdump -n -e -ttt -i pflog0 rulenum <rule#> and host "testip"
>
> You might also want to raise the debugging level with "$pfctl -x misc" and
> watch the console for BAD state messages.
Ok, I modified my ruleset like this:
[...]
set loginterface $if_ext
[...]
pass in log quick on $if_ext proto tcp from any to <www_servers> port = 80 flags S/SA synproxy state
Then I typed "pfctl -x loud" and "tcpdump -n -e -ttt -i pflog0".
The output looks the same as without "pfctl -x loud". Where do I see the debug output?
> Keep us posted, thanks.
Yes, sure.
But before I call the person who has problems and let him try again,
I have to be sure that I am debugging the right way.
bye,
Andy