rdr inet6 to local ftp-proxy sends tcp rst to client
Felix J. Ogris
fjo-lists at ogris.de
Mon Jun 23 22:31:32 UTC 2014
Hi,
this rule doesn't redirect as expected, but sends tcp rst with incorrect
checksum to the client:
    rdr on $lanif inet6 proto tcp from port >= 1024 to port ftp -> ($lanif) port ftp-proxy
Neither "rdr pass ..." works, nor does redirecting to (lo) or ::1 or to the
globally scoped ipv6 address bound to $lanif. The redirected connection
never hits userspace (verified with 'nc -6 -l').
pfctl -s states reports:
    all tcp $lanif[8021] ($ftpserver[21]) <- $client[some high port] SYN_SENT:ESTABLISHED
sockstat -6 is confused:
    ? ? ? ? tcp6 $lanif:8021 $client:some_high_port
Same behaviour on 9.2-RELEASE i386 and 10.0-RELEASE amd64. Rule has
worked for years with ipv4. Maybe related to kern/179392.
--Felix
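
Added example, not part of the original post and not code from the pf project: a way to check offline whether a TCP segment captured over IPv6, such as the RST described above, carries a valid checksum. The addresses, ports and function names are constructed for illustration; the checksum covers the IPv6 pseudo-header, so it has to be verified against the addresses as seen on the wire.

```python
import ipaddress
import struct

def fold16(data: bytes) -> int:
    """16-bit one's-complement sum of data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp6_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum the segment should carry for this address pair (RFC 8200, 8.1)."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(segment), 6))  # length, 3 zero bytes, next header = TCP
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]  # checksum field counts as zero
    return ~fold16(pseudo + zeroed) & 0xFFFF

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """True if the checksum stored at bytes 16..17 matches the computed one."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!H", segment[16:18])[0] == tcp6_checksum(src, dst, segment)

def build_rst(src, dst, sport, dport, seq, ack) -> bytes:
    """Constructed 20-byte RST|ACK segment with a correct checksum, for the demo."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x14, 0, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp6_checksum(src, dst, hdr)) + hdr[18:]

# Constructed sample values (documentation prefix 2001:db8::/32), not from the post.
SERVER, CLIENT, OTHER = "2001:db8::21", "2001:db8::c", "2001:db8::1"
GOOD = build_rst(SERVER, CLIENT, 21, 50000, 0, 1)
BAD = GOOD[:16] + bytes([GOOD[16] ^ 0x01]) + GOOD[17:]  # one flipped checksum bit

if __name__ == "__main__":
    print("good segment:", checksum_ok(SERVER, CLIENT, GOOD))
    print("flipped bit: ", checksum_ok(SERVER, CLIENT, BAD))
    print("wrong source:", checksum_ok(OTHER, CLIENT, GOOD))
```

When capturing on the sending host itself, checksum offload on the interface can make outgoing segments look invalid in the capture, so take the capture on the client or on the wire.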