From: csbender
To: freebsd-pf@freebsd.org
Date: Mon, 27 Feb 2012 17:27:58 -0800 (PST)
Subject: PF issue (rule match but rule fails)

Hi Folks, it is great to join you. I am pretty new to the world of PF so please excuse some ignorance at least for now. I have a PF running FreeBSD 8.2.

Here is my issue... I have an SMTP rule allowing traffic in and out for certain networks. Some SMTP traffic fails, even though I see the rule match; I have no idea why.

Evidence... Here I am sending email from a network which comes across the FW. Here is the tcpdump.

    # tcpdump -ni bge0 host 10.156.81.10 and port 25
    tcpdump: listening on bge0, link-type EN10MB
    14:26:50.220591 10.156.81.10.60809 > 172.19.4.41.25: S 3154136673:3154136673(0) win 64240 (DF) [tos 0xb8]
    14:26:50.244314 10.156.81.10.60809 > 172.19.4.41.25:R 3154136674:3154136735(61) ack 1245040067 win 0 (DF) [tos 0xb8]
    14:27:11.233494 10.156.81.10.60809 > 172.19.4.41.25: S 3154136673:3154136673(0) win 64240 (DF) [tos 0xb8]
    14:27:11.245057 10.156.81.10.60809 > 172.19.4.41.25:R 0:61(61) ack 1 win 0 (DF) [tos 0xb8]

From the above it is easy to see traffic isn't passing.

Below is the rule that this traffic should be matching.

    pass log quick inet proto tcp from to any port = smtp flags any modulate state label "RULE 1 -- ACCEPT "

First question... what command can I run to verify that the rule above is pertaining to the traffic above?

Secondly... what else could be squashing this SMTP traffic? It all works well when pfctl is -d. Do I need to pass my rules?

Thanks folks in advance
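An added example, not part of the original post: a small Python parser for the capture quoted above that groups packets by client flow and counts SYNs, client-side RSTs and any packets from the server side. The regex assumes the old-style tcpdump line format shown in the post; the function names are illustrative.

```python
import re
from collections import defaultdict

# The four capture lines from the post, copied verbatim.
CAPTURE = """\
14:26:50.220591 10.156.81.10.60809 > 172.19.4.41.25: S 3154136673:3154136673(0) win 64240 (DF) [tos 0xb8]
14:26:50.244314 10.156.81.10.60809 > 172.19.4.41.25:R 3154136674:3154136735(61) ack 1245040067 win 0 (DF) [tos 0xb8]
14:27:11.233494 10.156.81.10.60809 > 172.19.4.41.25: S 3154136673:3154136673(0) win 64240 (DF) [tos 0xb8]
14:27:11.245057 10.156.81.10.60809 > 172.19.4.41.25:R 0:61(61) ack 1 win 0 (DF) [tos 0xb8]
"""

# Old-style tcpdump TCP line: time, src.port > dst.port:, flags, optional first seq.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s*(?P<flags>[SFPRWE.]+) (?:(?P<seq>\d+):)?"
)


def parse(capture):
    """Return one dict per line that matches the TCP line format."""
    return [m.groupdict() for m in map(LINE.match, capture.splitlines()) if m]


def summarize(packets, server_port="25"):
    """Per client (ip, port): SYNs, distinct ISNs, client RSTs, server packets."""
    flows = defaultdict(
        lambda: {"syn": 0, "isns": set(), "client_rst": 0, "from_server": 0})
    for p in packets:
        if p["sport"] == server_port:  # reply direction, keyed by the client side
            flows[(p["dst"], p["dport"])]["from_server"] += 1
            continue
        flow = flows[(p["src"], p["sport"])]
        if "S" in p["flags"]:
            flow["syn"] += 1
            flow["isns"].add(p["seq"])
        if "R" in p["flags"]:
            flow["client_rst"] += 1
    return dict(flows)


if __name__ == "__main__":
    for (ip, port), f in summarize(parse(CAPTURE)).items():
        retrans = f["syn"] - len(f["isns"])  # SYNs that reuse an earlier ISN
        print(f"{ip}:{port} syn={f['syn']} (retransmitted={retrans}) "
              f"client_rst={f['client_rst']} from_server={f['from_server']}")
```

On the posted capture this reports two SYNs with the same initial sequence number, two RSTs sent by 10.156.81.10 itself, and no packets from 172.19.4.41 seen on bge0.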