Re: pf synproxy doesn't pass to local services

To: netbsd-users%NetBSD.org@localhost, tech-net%NetBSD.org@localhost
Subject: Re: pf synproxy doesn't pass to local services
From: "John D. Baker" <jdbaker%mylinuxisp.com@localhost>
Date: Wed, 6 Feb 2008 07:20:30 -0600 (CST)

I've repeated my tests on -current/macppc and it behaves the same way.

If a pf rule allowing access to a local service (such as SSH) uses
"synproxy state", the TCP handshake is proxied with the client, but
the connection is apparently not passed to the daemon, (such as 'sshd').

If the rule uses "modulate state" or just "keep state", the connection
to the service succeeds.

It the rule allows access to a service through a connection redirected
to another host, "synproxy state" works fine.

--
John D. Baker, KN5UKS                    NetBSD     Darwin/MacOS X
jdbaker(at)mylinuxisp(dot)com                 OpenBSD            FreeBSD
BSD -- It just sits there and _works_!
GPG fingerprint:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Prev by Date: Issue with Ipv6 Link local address
Next by Date: Re: Issue with Ipv6 Link local address
Previous by Thread: pf synproxy doesn't pass to local services
Next by Thread: Issue with Ipv6 Link local address
Indexes:

Home | Main Index | Thread Index | Old Index