NetBSD-Users archive

Re: pf synproxy doesn't pass to local services

I've repeated my tests on -current/macppc and it behaves the same way.

If a pf rule allowing access to a local service (such as SSH) uses
"synproxy state", the TCP handshake is proxied with the client, but
the connection is apparently not passed to the daemon (such as 'sshd').

If the rule uses "modulate state" or just "keep state", the connection
to the service succeeds.

If the rule allows access to a service through a connection redirected
to another host, "synproxy state" works fine.
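
The three cases reported in the message above, written out as a pf.conf fragment. This is an added example, not the poster's actual ruleset; the interface name, the internal host address and the redirected port 2222 are assumptions chosen for illustration.

```conf
# Constructed example; macros below are assumed values, not from the post.
ext_if   = "ex0"             # assumed external interface
int_host = "192.168.1.10"    # assumed internal host running sshd

# Translation rules must precede filter rules in pf.conf.
# Case 3: connection redirected to another host.
rdr on $ext_if proto tcp from any to ($ext_if) port 2222 -> $int_host port 22

block in on $ext_if all

# Case 3 (continued): the filter rule sees the translated destination.
# Reported as working: synproxy completes the handshake with the client,
# then opens the connection to $int_host.
pass in on $ext_if proto tcp from any to $int_host port 22 \
    flags S/SA synproxy state

# Case 1: service on the firewall itself, synproxy.
# Reported behaviour: the handshake with the client is proxied, but the
# connection apparently never reaches the local sshd.
#pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
#    flags S/SA synproxy state

# Case 2: same local service with modulate state (or keep state).
# Reported as working.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA modulate state
```

Only one of the case 1 and case 2 rules should be active at a time, since the last matching rule wins; `pfctl -nf` parses a file without loading it, which is a safe way to check the syntax before switching between them.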

