Date: Wed, 9 Feb 2005 19:44:40 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: problems with synproxy on 5.3-stable Message-ID: <200502091945.01577.max@love2party.net> In-Reply-To: <20050209131055.GA94001@mail.crypta.net> References: <20050209131055.GA94001@mail.crypta.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2006107.KzJc7PKIdS Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 09 February 2005 14:10, Andy Hilker wrote: > Hi, > > i have migrated from ipfilter to pf and have problems with synproxy. > First: many thanks for importing pf to freebsd :) > > pf protects only localhost with multiple IPs and jails. There is > only 1 outside interface. > > When i use "keep state" everything works normally. If using synproxy > a few people having problems accessing pop3 and http on my server. > Requests are incomplete or corrupt (for example get requests in > httpd-access.log). But it seems that this problem occurs only for > a few people. > > Is there any way to "count" or monitor the activity of synproxy to > see how much clients are blocked? > Any ideas why synproxy does not work at this "few peoples"? Not really, but tcpdump can help. Add log-all to the synproxy and try to=20 watch the connection in tcpdump on pflog0 with something like: $tcpdump -n -e -ttt -i pflog0 rulenum <rule#> and host "testip" You might also want to raise the debugging level with "$pfctl -x misc" and= =20 watch the console for BAD state messages. Keep us posted, thanks. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2006107.KzJc7PKIdS Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCClotXyyEoT62BG0RArnBAJ9aymyFn/+5/n+ZQmvk1/nnCZzPOgCfTZGD D5cQx+Ur2RH1StKVa2+c7ks= =mH/l -----END PGP SIGNATURE----- --nextPart2006107.KzJc7PKIdS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502091945.01577.max>