Date: Thu, 16 Sep 2004 04:13:41 -0000
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf and spamd
Message-ID: <20040828201923.GA31057@insomnia.benzedrine.cx>
In-Reply-To: <7A6783D3-F373-11D8-A696-00039311ED22@sycorax.ath.cx>
References: <3ABA53F8-F323-11D8-A696-00039311ED22@sycorax.ath.cx> <200408211204.56633.max@love2party.net> <7A6783D3-F373-11D8-A696-00039311ED22@sycorax.ath.cx>

On Sat, Aug 21, 2004 at 09:10:30PM +0800, Jett Tayer wrote:

> # spamd-setup puts addresses to be redirected into table <spamd>.
> table <spamd> persist
> no rdr on { lo0 } from any to any
> rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
> pass in on lo0 inet proto tcp from <spamd> to 127.0.0.1 port 8025

The connection is coming in on a real interface (not lo0), so you have
to pass it on that interface. If the above was your entire ruleset, that
would be no issue (as it passes by default), but I assume you have a
more complex ruleset which blocks, too.

Alternatively, add the 'pass' option to the 'rdr' rule, so it doesn't
require another pass rule.

In general, add 'log' to all your 'block' rules and watch pflog for
blocked packets. That's the standard first step when debugging rulesets.

Daniel
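
The two fixes described in the reply above, laid out as one pf.conf fragment. This is an added example, not part of the original thread; the interface name fxp0, the ext_if macro and the block rule are assumptions standing in for the poster's unseen "more complex ruleset".

```conf
# Added example, not from the original thread.
# Assumption: fxp0 is the real interface the SMTP connections arrive on.
ext_if = "fxp0"

# spamd-setup puts addresses to be redirected into table <spamd>.
table <spamd> persist

# ---- translation rules ----
no rdr on { lo0 } from any to any

# Option A: plain rdr. The redirected connection must still be passed by a
# filter rule on the interface it arrived on (see the pass rule below).
rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025

# Option B: use this line INSTEAD of the rdr line above. 'rdr pass' lets the
# redirected connection through without a separate pass rule.
# rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025

# ---- filter rules ----
# Assumed stand-in for the blocking part of a larger ruleset. 'log' makes
# every packet dropped here show up on pflog0, which is how a missing pass
# rule gets noticed.
block in log on $ext_if all

# Needed with option A only. Filtering happens after translation, so the
# rule matches the rewritten destination (127.0.0.1 port 8025), but on the
# real interface, not on lo0.
pass in on $ext_if inet proto tcp from <spamd> to 127.0.0.1 port 8025 keep state
```

With the block rule logging, running tcpdump -n -e -ttt -i pflog0 while a listed host connects shows whether the redirected packets are still being dropped and on which interface.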