Question about synproxy

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: skeletor <skeletor_at_lissyara.su>
Date: Wed, 16 Mar 2022 16:14:57 UTC

Hi.
Could anybody explain me, why synproxy doesn't work in this rule?

# pfctl -sr -v
pass in quick on vmx0 inet proto tcp from any to 10.5.0.5 port = 2211 
flags S/SA synproxy state
   [ Evaluations: 1777      Packets: 0         Bytes: 0 
States: 1     ]
   [ Inserted: uid 0 pid 75209 State Creations: 2     ]
pass all flags S/SA keep state
   [ Evaluations: 1775      Packets: 2885      Bytes: 288624 
States: 194   ]
   [ Inserted: uid 0 pid 75209 State Creations: 1375  ]

I have a openssh server on port 2211

# sockstat | grep 2211
root     sshd       841   3  tcp6   *:2211                *:*
root     sshd       841   4  tcp4   *:2211                *:*

In tcpdump I see a packets between hosts, but connection can't be 
established. May be I have wrong using of synproxy?

My goal is to use synproxy for connect to server ssh (which on this 
host, where pf rules). Or it's not for this purposal?

Thanks.