Date: Tue, 13 May 2008 13:53:31 +1200
From: "Mark Pagulayan" <m.pagulayan@auckland.ac.nz>
To: <freebsd-pf@freebsd.org>
Subject: smtp not working with state modulation
Message-ID: <C65291A68BAF57499B18564A1EE4A761370D3C@UXCHANGE1.UoA.auckland.ac.nz>

Hi Guys,

OS: FreeBSD 7.0-RELEASE

I am having trouble allowing external SMTP requests through the firewall with "module state". But with "keep state" it is working fine.

Here are my rules in pf:

ext_if="em1"
int_if="em0"

scrub in on $ext_if
block in log on $ext_if all
block return out log on $ext_if all
pass in log quick on $int_if
pass out log quick on $int_if
pass log quick on $ext_if proto tcp from any to 192.168.1.1 port 25 modulate state flags S/SA
block in log quick on $ext_if proto tcp from any to any port 25

When I try to telnet from my PC (192.169.1.2)

telnet 192.168.1.1 25

I get a "Connection Failed" error.

Checking the tcpdump on interface pflog0, here is what it shows.

========================================================================
[root@fw4 /home/mark]# tcpdump -netti pflog0 port 25
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
1210641823.095857 rule 4/0(match): pass in on em1: 192.168.1.2.2573 > 192.168.1.1.25: tcp 28 [bad hdr length 0 - too short, < 20]
========================================================================

Your help would be mostly appreciated.

Cheers,
Mark
