Re: kern/48377: pf "synproxy state" hangs connections to local services

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jdbaker%mylinuxisp.com@localhost
Subject: Re: kern/48377: pf "synproxy state" hangs connections to local services
From: "John D. Baker" <jdbaker%mylinuxisp.com@localhost>
Date: Thu, 15 Jan 2015 15:45:00 +0000 (UTC)

The following reply was made to PR kern/48377; it has been noted by GNATS.

From: "John D. Baker" <jdbaker%mylinuxisp.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/48377: pf "synproxy state" hangs connections to local
 services
Date: Thu, 15 Jan 2015 09:43:44 -0600 (CST)

 After some thought and reading 'pf' documentation, particularly the
 cautions about redirecting services to the default loopback address,
 I realized another solution.

 Define another looback interface, say "lo1", with an appropriate non-
 routable address (RFC1918) and redirect incoming connections for local
 services to this interface/address.

 Make sure local services bind either to a wildcard interface/address
 or specifically the "dummy" loopback interface/address.

 Filter rules can then use "synproxy state".

 -- 
 |/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
 |\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD            FreeBSD
 | X  No HTML/proprietary data in email.   BSD just sits there and works!
 |/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Prev by Date: PR/48958 CVS commit: src/distrib/sets/lists
Next by Date: lib/49575: the system does not parse /etc/login.conf setenv=EXINIT=set\\ ai\\ showmode\\ number
Previous by Thread: Re: kern/48377: pf "synproxy state" hangs connections to local services
Next by Thread: kern/48378: LFS can't mount FS newfs_lfs created
Indexes:

Home | Main Index | Thread Index | Old Index