Hello,
I have some filter problems with a newly installed firewall running OpenBSD
4.4 using PF.
This firewall is connected to the Internet and to a private network.
On this private network there is another FreeBSD router, which is
connected to a second private network. On it, there is a mail server.
To summarize:
| Internet | --------- | (em3) OpenBSD FW (em0) | ----------- | FreeBSD Router |
                                                                       |
                                                                       |
                                                                       |
                                                                | Mail Server |
On the OpenBSD FW, I set these rules:
rdr on em3 inet proto tcp from any to <public-ip> port https -> <mail-server> port https
rdr on em3 inet proto tcp from any to <public-ip> port smtp -> <mail-server> port smtp
block log all
#Allow SMTP, HTTPS
pass quick proto tcp from any to {<public-ip> <mail-server>} port 25
pass quick proto tcp from any to {<public-ip> <mail-server>} port 443
pass quick proto tcp from {<public-ip> <mail-server>} port 25 to any
pass quick proto tcp from {<public-ip> <mail-server>} port 25 to any
pass quick proto tcp from any port 25 to {<public-ip> <mail-server>}
pass quick proto tcp from {<public-ip> <mail-server>} to any port 25
On the pflog0 interface, I have these logs:
# tcpdump -vvveni pflog0
tcpdump: listening on pflog0, link-type PFLOG
block in on em0: mail-server.443 > 149.6.161.125.58350: [|tcp] (ttl 63, id 49121, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 14511, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 40161, len 52)
block in on em0: mail-server.25 > 81.28.185.240.1777: [|tcp] (ttl 63, id 4151, len 41)
I have only one block rule (as you can guess, when I delete this rule,
everything works fine).
I don't understand why these packets don't match my pass rules.
Has somebody already seen this, or does anyone have an idea how to solve it?
Thanks.
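As an added illustration (not part of the original post), here is a small Python model of the posted ruleset that replays the logged packets through PF's last-match-wins / quick evaluation order, ignoring state tracking and rdr, so you can see which rule each packet would hit on a purely stateless match. The name `hosts` is an assumption of the model and stands for the `{<public-ip> <mail-server>}` list.

```python
import re

# Simplified model of the posted rules as (action, quick, src, sport, dst, dport).
# "any" matches everything; "hosts" (an assumed name) stands for the
# {<public-ip> <mail-server>} list. State tracking and rdr are not modelled.
HOSTS = {"public-ip", "mail-server"}
RULES = [
    ("block", False, "any", None, "any", None),   # block log all
    ("pass", True, "any", None, "hosts", 25),
    ("pass", True, "any", None, "hosts", 443),
    ("pass", True, "hosts", 25, "any", None),
    ("pass", True, "hosts", 25, "any", None),     # posted twice
    ("pass", True, "any", 25, "hosts", None),
    ("pass", True, "hosts", None, "any", 25),
]

# Constructed sample: the pflog lines quoted in the post.
PFLOG = """\
block in on em0: mail-server.443 > 149.6.161.125.58350: [|tcp] (ttl 63, id 49121, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 14511, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 40161, len 52)
block in on em0: mail-server.25 > 81.28.185.240.1777: [|tcp] (ttl 63, id 4151, len 41)
"""
LINE = re.compile(r"block (in|out) on (\w+): (\S+)\.(\d+) > (\S+)\.(\d+):")

def parse_pflog(text):
    """Yield (direction, iface, src, sport, dst, dport) per pflog line."""
    for m in LINE.finditer(text):
        d, iface, src, sport, dst, dport = m.groups()
        yield d, iface, src, int(sport), dst, int(dport)

def _addr_ok(spec, host): return spec == "any" or host in HOSTS
def _port_ok(spec, port): return spec is None or spec == port

def evaluate(src, sport, dst, dport):
    """PF semantics: the last matching rule wins unless a match is 'quick'."""
    winner = None
    for no, (action, quick, rsrc, rsport, rdst, rdport) in enumerate(RULES):
        if (_addr_ok(rsrc, src) and _port_ok(rsport, sport)
                and _addr_ok(rdst, dst) and _port_ok(rdport, dport)):
            winner = (action, no)
            if quick:
                break
    return winner

def explain(text=PFLOG):
    """Map each logged packet to the rule a stateless match would select."""
    return [(f"{src}.{sport} > {dst}.{dport}", *evaluate(src, sport, dst, dport))
            for _, _, src, sport, dst, dport in parse_pflog(text)]
```

Running `explain()` shows that only the 443 reply has no stateless pass rule at all (it can only be let through by an existing state), while the port 25 packets do match a quick pass rule; packets the model passes but the box still blocks are therefore not explained by the rule text alone, so the state table (`pfctl -ss`) is the next thing to look at.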