From owner-freebsd-pf@FreeBSD.ORG Tue May 13 02:17:54 2008
From: "Mark Pagulayan" <m.pagulayan@auckland.ac.nz>
To: freebsd-pf@freebsd.org
Date: Tue, 13 May 2008 13:53:31 +1200
Subject: smtp not working with state modulation
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hi Guys,

OS: FreeBSD 7.0-RELEASE

I am having trouble allowing external SMTP requests through the firewall with "modulate state". But with "keep state" it is working fine.
Here are my pf rules:

    ext_if="em1"
    int_if="em0"

    scrub in on $ext_if

    block in log on $ext_if all
    block return out log on $ext_if all

    pass in log quick on $int_if
    pass out log quick on $int_if

    pass log quick on $ext_if proto tcp from any to 192.168.1.1 port 25 modulate state flags S/SA

    block in log quick on $ext_if proto tcp from any to any port 25

When I try to telnet from my PC (192.168.1.2):

    telnet 192.168.1.1 25

I get a "Connection Failed" error.

Checking with tcpdump on interface pflog0, here is what it shows.
==========================================================================
[root@fw4 /home/mark]# tcpdump -netti pflog0 port 25
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes

1210641823.095857 rule 4/0(match): pass in on em1: 192.168.1.2.2573 > 192.168.1.1.25: tcp 28 [bad hdr length 0 - too short, < 20]
==========================================================================

Your help would be most appreciated.

Cheers,

Mark
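The pflog line in the post above carries two things a reader should check before drawing conclusions from it: which rule "rule 4/0" refers to, and how much of the TCP header a 96-byte capture can actually contain. The following is an added example, not code from the post or from the pf project: it rebuilds a pflog frame for the logged SYN from constructed data, decodes it once truncated to the 96-byte snaplen shown in the capture and once whole, and maps the logged rule number back to the posted ruleset. It assumes the pflog link-layer header is the 64-byte struct pfloghdr of FreeBSD 7 and OpenBSD of that era, that a flat main ruleset without anchors numbers its filter rules from 0 in file order (what pfctl -vvsr prints as @N), and that the SYN carries 8 bytes of TCP options so that the segment is 28 bytes long, matching "tcp 28" in the log.

```python
"""Added example (not from the post): decode a constructed pflog frame as a
96-byte and as a full-length capture, and map the logged rule number back to
the ruleset.

Assumptions (also stated in the lead-in): 64-byte struct pfloghdr; filter
rules of a flat, anchor-free ruleset numbered from 0 in file order; 8 bytes of
TCP options on the SYN so the TCP segment is 28 bytes, as in the logged line.
"""
import struct

PFLOG_HDRLEN = 64          # sizeof(struct pfloghdr) on FreeBSD 7 (assumption)
IPV4_HDRLEN = 20           # no IP options in the constructed packet
TCP_MIN_HDRLEN = 20        # the minimum tcpdump expects the data offset to cover
DEFAULT_SNAPLEN_2008 = 96  # "capture size 96 bytes" in the posted capture

# The pf.conf from the post, verbatim.
PF_CONF = """\
ext_if="em1"
int_if="em0"

scrub in on $ext_if

block in log on $ext_if all
block return out log on $ext_if all

pass in log quick on $int_if
pass out log quick on $int_if

pass log quick on $ext_if proto tcp from any to 192.168.1.1 port 25 modulate state flags S/SA

block in log quick on $ext_if proto tcp from any to any port 25
"""


def filter_rules(conf):
    """Return the block/pass rules of a flat ruleset in pf's numbering.

    Macros, options and scrub rules are not filter rules and take no number,
    so 'rule N/0' in a pflog line indexes this list directly (assumption).
    """
    return [line.strip() for line in conf.splitlines()
            if line.strip().startswith(("block", "pass"))]


def build_pflog_frame(rulenr, ifname, src, sport, dst, dport, tcp_options):
    """Construct one pflog frame: pfloghdr + IPv4 + TCP SYN (constructed data)."""
    tcp_hdrlen = TCP_MIN_HDRLEN + len(tcp_options)
    assert tcp_hdrlen % 4 == 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0,
                      (tcp_hdrlen // 4) << 4,   # data offset, 32-bit words
                      0x02,                     # SYN
                      65535, 0, 0) + tcp_options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDRLEN + len(tcp), 0x1234,
                     0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    # struct pfloghdr: length, af, action, reason, ifname[16], ruleset[16],
    # rulenr, subrulenr, uid, pid, rule_uid, rule_pid, dir, pad[3]
    PF_PASS, PFRES_MATCH, PF_IN, AF_INET = 0, 0, 1, 2
    pflog = struct.pack("=BBBB16s16sIIIIIIB3x", PFLOG_HDRLEN, AF_INET, PF_PASS,
                        PFRES_MATCH, ifname.encode(), b"", rulenr, 0xFFFFFFFF,
                        0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, PF_IN)
    assert len(pflog) == PFLOG_HDRLEN
    return pflog + ip + tcp


def decode(frame, snaplen):
    """Decode a frame as captured with the given snaplen (0 = whole frame).

    Returns the fields a reader of the pflog line cares about, plus how many
    TCP header bytes actually made it into the capture.
    """
    captured = frame if snaplen == 0 else frame[:snaplen]
    rulenr = struct.unpack_from("=I", captured, 4 + 16 + 16)[0]
    ip_total_len = struct.unpack_from("!H", captured, PFLOG_HDRLEN + 2)[0]
    tcp = captured[PFLOG_HDRLEN + IPV4_HDRLEN:]
    result = {"rulenr": rulenr, "tcp_len": ip_total_len - IPV4_HDRLEN,
              "tcp_captured": len(tcp)}
    if len(tcp) < 13:
        # byte 12 holds the data offset; without it the header length is unknown
        result["tcp_header_complete"] = False
        return result
    doff = (tcp[12] >> 4) * 4
    result["doff"] = doff
    result["syn"] = bool(tcp[13] & 0x02)
    result["tcp_header_complete"] = TCP_MIN_HDRLEN <= doff <= len(tcp)
    return result


# MSS 1460, NOP, NOP, SACK permitted: 8 bytes of options, TCP segment = 28 bytes
SYN_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2])
FRAME = build_pflog_frame(4, "em1", "192.168.1.2", 2573, "192.168.1.1", 25, SYN_OPTIONS)


def main():
    print("rule 4 is:", filter_rules(PF_CONF)[4])
    for snaplen in (DEFAULT_SNAPLEN_2008, 0):
        print("snaplen", snaplen or "whole frame", "->", decode(FRAME, snaplen))


if __name__ == "__main__":
    main()
```

Under these assumptions a 96-byte capture holds 64 bytes of pflog header, the 20-byte IP header and only 12 bytes of TCP header, so the data-offset byte is never captured; that is consistent with tcpdump printing a header length it could not read. Before reading anything into the "[bad hdr length ...]" annotation, recapture with a larger snaplen (tcpdump -s 0) so the whole SYN is visible, and confirm that rule 4 is indeed the modulate state rule by comparing with pfctl -vvsr.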