From: Scott Stevenson <scott@maxify.com>
To: freebsd-questions@freebsd.org
Date: Mon, 30 May 2005 11:31:30 -0700
Subject: Re: Clients receive only first 4k (issue with pf.conf) -- ignore others
Message-Id: <5843C5B4-AAA9-4A64-BEE2-9CB5E7476966@maxify.com>
In-Reply-To: <199B60BD-1D20-492E-A278-21BD0CCF3475@maxify.com>

On May 30, 2005, at 9:23 AM, Scott Stevenson wrote:

> The problem is that if I use the version without "keep state," the
> machine can't send outbound mail, and I see messages like this in
> maillog:
>
> May 30 09:14:33 vertigo qmail: 1117469673.126013 delivery 639634: deferral Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
>
> In fact, I tried to send this message to the list twice yesterday,
> but realized that mail packets were being filtered out. I looked at
> pflog0 while mail was being sent, but I wasn't able to find the
> bounced packets. Here's the relevant smtp line:
>
>     pass in quick on $ext_if proto { tcp, udp } from any to any port 25
>
> I'm much more familiar with the firewalls bundled with various
> Linux distributions, so I'm really stumped. I've read through
> various sections of the PF FAQ, but I haven't found an answer to this.

Sorry to post *yet again* on this, but I think I finally figured out what was wrong. I want to post a follow-up for the archives.

The solution to the "partial page" Apache problem was to balance the "keep state" directives. Originally, the httpd line looked like this:

    pass in quick on $ext_if proto { tcp, udp } from any to any port 80

And the "out" line looked like this:

    pass out on $ext_if proto { tcp, udp } all keep state

The solution was to change the httpd line to this:

    pass in quick on $ext_if proto { tcp, udp } from any to any port 80 keep state

Does it make sense that I'd need "keep state" for both in and out, or is this a PF bug? Should I add it to these as well?

    pass in quick on $ext_if proto { tcp, udp } from any to any port 25
    pass in quick on $ext_if proto { tcp, udp } from any to any port 53

Thanks, and sorry again for the duplicate messages.

- Scott
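As an added illustration (not part of Scott's message), here is the stateless-in/stateful-out mix from the post next to a ruleset where every inbound service rule creates its own state; the interface name `em0` is a hypothetical placeholder, while the `$ext_if` macro and the port 80/25/53 rules come from the message. With the original mix, the client's SYN is passed by a stateless rule, so the first packet pf tracks for the connection is httpd's outbound reply matching `pass out ... keep state`, i.e. state is created mid-handshake from the server's side instead of on the client's SYN.

```pf
# Added example, not from the original post. Assumes a hypothetical
# external interface name; the $ext_if macro itself is from the message.
ext_if = "em0"

# --- Original (problematic) mix, kept here as comments ---
# Inbound rules are stateless; only the outbound rule keeps state. The
# client's SYN is passed by the stateless rule, so the first packet pf
# records in its state table is httpd's reply matching "pass out".
#
# pass in quick on $ext_if proto { tcp, udp } from any to any port 80
# pass out on $ext_if proto { tcp, udp } all keep state

# --- Balanced version ---
# Each inbound service rule keeps its own state, created on the client's
# SYN. "flags S/SA" means: of the SYN and ACK bits, only SYN may be set,
# so a mid-stream packet never creates a state entry. Once a state
# exists, both directions of the connection match it directly and the
# ruleset is not consulted again for that flow.
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA keep state

# Same treatment for the smtp and dns rules asked about in the message.
# udp on ports 80 and 25 is dropped here because httpd and qmail only
# speak tcp; dns uses both, and udp has no flags, so its udp half gets
# a plain "keep state".
pass in quick on $ext_if proto tcp from any to any port 25 flags S/SA keep state
pass in quick on $ext_if proto tcp from any to any port 53 flags S/SA keep state
pass in quick on $ext_if proto udp from any to any port 53 keep state

# Outbound stays stateful so connections this host initiates (e.g. qmail
# delivering mail to a remote port 25) get their replies back in.
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto udp all keep state
```

Parse the file without loading it using `pfctl -nf /etc/pf.conf`, and watch the entries appear with `pfctl -ss` while a client fetches a page.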