On 12/17/13 21:11, Tethys wrote:
> On Tue, Dec 17, 2013 at 7:51 PM, Jan Stary <h...@stare.cz> wrote:
> > > block in log
> > > block out log on $ext
> >
> > How could anyone help you knowing just these two lines?
> > Show your pf.conf
>
> I was trying to show that I only had two block lines and that they
> both should log when blocking packets. My rules are actually very
> simple:
>
> match out on $ext from $int_ip to any nat-to $loki_ext
> block in log
> block out log on $ext
> pass in quick on $int flags any
> pass out on $ext from $lokisafe
> pass in on $ext inet proto tcp to port 4334 rdr-to 127.0.0.1 port ssh
> pass in on $ext inet proto tcp from $mx to $loki_ext port smtp rdr-to $riva port smtp flags any
> pass out on $int inet proto tcp from $mx port smtp flags any
>
> $int and $ext are interfaces on the firewall (loki). $loki_ext is the
> external IP, $int_ip is the internal /24. $lokisafe is a selection of
> /24s that I've sometimes used, including the internal network. $riva
> is my home mail server. $mx is the IP addresses of my hosted MX
> servers.
>
> With tcpdump, I can see the response to the EHLO greeting leaving
> riva, arriving on $int, but never making it to $ext. Using HELO
> instead doesn't prompt the same behaviour.
>
> Tet
This shouldn't be this hard. Can we see output from "netstat -rnf
inet", "pfctl -vvsr", maybe output from dmesg? You never indicated
what MX server you're running: postfix, actual sendmail, opensmtpd...?
Your config from the smtp server would be helpful as well. The fact
that you're getting different responses from HELO and EHLO would
indicate that something odd is going on with your MX server, but the fact
that you get one reply from ping and no more would indicate something else.

A
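As an added example (not from the thread or from any of its posters): since both `block` rules log, every dropped packet shows up on pflog0 together with the number of the rule that dropped it, in the `tcpdump -n -e -ttt -i pflog0` format shown in the OpenBSD PF FAQ. The script below parses such lines and tallies blocked packets per rule number and per flow on a given port, so the numbers can be matched against the `@N` prefixes that `pfctl -vvsr` prints. The sample log lines, the interface names (em0 as $ext, em1 as $int) and all addresses are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output (not captured on
# the poster's firewall). Hypothetical values: 10.0.0.25 stands for $riva,
# 203.0.113.9 for one of the $mx addresses, em0 for $ext.
SAMPLE_PFLOG = """\
Dec 17 21:05:01.100001 rule 2/(match) block out on em0: 10.0.0.25.25 > 203.0.113.9.41022: P 1:163(162) ack 1 win 16384
Dec 17 21:05:03.200002 rule 2/(match) block out on em0: 10.0.0.25.25 > 203.0.113.9.41022: P 1:163(162) ack 1 win 16384
Dec 17 21:05:09.300003 rule 1/(match) block in on em0: 198.51.100.7.55512 > 192.0.2.10.22: S 10:10(0) win 65535
Dec 17 21:06:00.400004 rule 2/(match) block out on em0: 10.0.0.25.25 > 203.0.113.9.41030: P 1:163(162) ack 1 win 16384
"""

# "<timestamp> rule N/(reason) <action> <dir> on <iface>: src.sport > dst.dport:"
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+ \d+ \d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def parse_pflog(text):
    """Parse pflog lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line)
        if m:
            rec = m.groupdict()
            for key in ("rule", "sport", "dport"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records


def blocks_by_rule(records):
    """Blocked packets per rule number (the @N shown by `pfctl -vvsr`)."""
    return Counter(r["rule"] for r in records if r["action"] == "block")


def blocked_flows(records, port):
    """Blocked packets involving `port`, grouped by interface, direction and endpoints."""
    flows = defaultdict(int)
    for r in records:
        if r["action"] == "block" and port in (r["sport"], r["dport"]):
            flows[(r["iface"], r["dir"], r["src"], r["dst"], r["sport"], r["dport"])] += 1
    return dict(flows)


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG)
    print("blocked per rule:", dict(blocks_by_rule(recs)))
    for flow, n in blocked_flows(recs, 25).items():
        print(n, "x", flow)
```

Feed it real output with `tcpdump -n -e -ttt -i pflog0 | python3 script.py` after replacing SAMPLE_PFLOG with `sys.stdin.read()`; a rule number that keeps appearing for the smtp flow is the rule to look at in `pfctl -vvsr`.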