Unable to get synproxy working using the snapshot dated June 28; previously I was using one from about 2 weeks ago, which also did not work. The TCP handshake is never completed: the state remains PROXY:DST until the client times out. Modulate state or keep state works as normal. Am I missing something? I've used synproxy before and it worked quite well; I just can't figure out what I am doing wrong. The configuration is kept very simple for testing. Included below are the pf.conf, pfctl -sa and ifconfig -a output.
Thanks,
Kevin

# cat /etc/pf.conf.syn
pass in log quick on em0 proto tcp from any to any port 80 \
        flags S/SA synproxy state
pass in log quick on em0 from any to any \
        flags S/SA keep state

# pfctl -sa
FILTER RULES:
pass in log quick on em0 proto tcp from any to any port = www flags S/SA synproxy state
pass in log quick on em0 all flags S/SA keep state

No queue in use

STATES:
self tcp 216.15.185.220:80 <- 216.15.129.88:31388       PROXY:DST

INFO:
Status: Enabled for 0 days 00:07:56           Debug: Urgent

Hostid: 0xcdd898be

State Table                          Total             Rate
  current entries                        1
  searches                            1150            2.4/s
  inserts                                4            0.0/s
  removals                               3            0.0/s
Counters
  match                               1080            2.3/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start                0 states
adaptive.end                  0 states
src.track                     0s

LIMITS:
states        hard limit  10000
src-nodes     hard limit  10000
frags         hard limit   5000

OS FINGERPRINTS:
345 fingerprints loaded

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:07:e9:0c:ec:e9
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 216.15.185.220 netmask 0xffffff00 broadcast 216.15.185.255
        inet6 fe80::207:e9ff:fe0c:ece9%em0 prefixlen 64 scopeid 0x1
fxp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:b3:92:48:bc
        media: Ethernet autoselect (none)
        status: no carrier
fxp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:b3:3a:7b:37
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
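Added example, not part of the original post: a small parser for the state lines that `pfctl -ss` prints, which picks out entries still sitting in one of the two synproxy handshake states (PROXY:SRC, PROXY:DST). pfctl prints PROXY:SRC while it waits for the client's ACK, and PROXY:DST once the client side is done and pf is waiting for the destination to answer the SYN it sent on the client's behalf, so a state lingering in PROXY:DST, as in the post, points at the server side of the proxied handshake. The sample lines are constructed; only the first one is taken from the post.

```python
import re

# Constructed sample of `pfctl -ss` output. The first line is the state
# shown in the post; the remaining lines are made up for illustration.
SAMPLE_STATES = """\
self tcp 216.15.185.220:80 <- 216.15.129.88:31388 PROXY:DST
self tcp 216.15.185.220:80 <- 192.0.2.10:40001 ESTABLISHED:ESTABLISHED
self tcp 216.15.185.220:80 <- 192.0.2.11:40002 PROXY:SRC
self udp 216.15.185.220:53 <- 192.0.2.12:5353 MULTIPLE:SINGLE
"""

# "[ifname] proto addr:port (<- | -> | <->) addr:port SRCSTATE:DSTSTATE"
STATE_RE = re.compile(
    r"^(?:(?P<ifname>\S+)\s+)?(?P<proto>\S+)\s+"
    r"(?P<left>\S+)\s+(?P<dir><->|<-|->)\s+(?P<right>\S+)\s+"
    r"(?P<src>[A-Z_0-9]+):(?P<dst>[A-Z_0-9]+)\s*$"
)

# Synproxy intermediate states as printed by pfctl:
#   PROXY:SRC  pf answered the client's SYN, waiting for the client's ACK
#   PROXY:DST  client side complete, pf sent its own SYN to the destination
#              and is waiting for the server's SYN+ACK
SYNPROXY_PENDING = {"PROXY:SRC", "PROXY:DST"}


def parse_states(text):
    """Turn pfctl -ss lines into dicts; lines that do not match are skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        # pfctl prints inbound states as "dst <- src", so for "<-" the
        # connection initiator is on the right-hand side.
        if d["dir"] == "<-":
            client, server = d["right"], d["left"]
        else:
            client, server = d["left"], d["right"]
        states.append({"proto": d["proto"], "client": client, "server": server,
                       "state": f"{d['src']}:{d['dst']}"})
    return states


def pending_synproxy(text):
    """States still inside the synproxy handshake. These should be short-lived;
    one that lingers means one side of the proxied handshake never answered."""
    return [s for s in parse_states(text) if s["state"] in SYNPROXY_PENDING]


if __name__ == "__main__":
    for s in pending_synproxy(SAMPLE_STATES):
        print(f"{s['proto']} {s['client']} -> {s['server']} stuck in {s['state']}")
```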