From owner-freebsd-questions@FreeBSD.ORG Mon May 30 19:11:22 2005
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Scott Stevenson
Cc: freebsd-questions@freebsd.org
Date: Mon, 30 May 2005 22:11:14 +0300
Subject: Re: Clients receive only first 4k (issue with pf.conf) -- ignore others
Message-ID: <20050530191114.GA90223@orion.daedalusnetworks.priv>
In-Reply-To: <5843C5B4-AAA9-4A64-BEE2-9CB5E7476966@maxify.com>
References: <199B60BD-1D20-492E-A278-21BD0CCF3475@maxify.com> <5843C5B4-AAA9-4A64-BEE2-9CB5E7476966@maxify.com>
On 2005-05-30 11:31, Scott Stevenson wrote:
> On May 30, 2005, at 9:23 AM, Scott Stevenson wrote:
> > The problem is that if I use the version without "keep state," the
> > machine can't send outbound mail, and I see messages like this in
> > maillog:
> >
> >   May 30 09:14:33 vertigo qmail: 1117469673.126013 delivery 639634: deferral
> >   Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
> >
> > In fact, I tried to send this message to the list twice yesterday,
> > but realized that mail packets were being filtered out. I looked at
> > pflog0 while mail was being sent, but I wasn't able to find the
> > bounced packets. Here's the relevant smtp line:
> >
> >   pass in quick on $ext_if proto { tcp, udp } from any to any port 25
> >
> > I'm much more familiar with the firewalls bundled with various linux
> > distributions, so I'm really stumped. I've read through various
> > sections of the PF faq, but I haven't found an answer to this.
>
> Sorry to post *yet again* on this, but I think I finally figured out
> what was wrong. I want to post a follow-up for the archives. The
> solution to the "partial page" Apache problem was to balance the "keep
> state" directives.
>
> Originally, the httpd line looked like this:
>
>   pass in quick on $ext_if proto { tcp, udp } from any to any port 80
>
> And the "out" line looked like this:
>
>   pass out on $ext_if proto { tcp, udp } all keep state
>
> The solution was to change the httpd line to this:
>
>   pass in quick on $ext_if proto { tcp, udp } from any to any port 80 keep state
>
> Does it make sense that I'd need "keep state" for both in and out, or
> is this a PF bug?

Yes, it makes sense. This is the correct way to do it.

> Should I add it to these as well?
>
>   pass in quick on $ext_if proto { tcp, udp } from any to any port 25
>   pass in quick on $ext_if proto { tcp, udp } from any to any port 53

Yes, if you want those services visible from the outside.
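A small check for the pattern discussed in this thread, added here as an example and not code from the thread or from pf: it scans a pf.conf for "pass in" rules that carry no state keyword ("keep", "modulate" or "synproxy state"), the rules that depend on a separate "pass out ... keep state" rule for their reply traffic. The $ext_if macro and the sample ruleset are constructed to mirror the rules quoted above; the script assumes one rule per line.

```shell
#!/bin/sh
# Added example, not code from the thread: list every "pass in" rule in a
# pf.conf that carries no state keyword. Such rules rely on a separate
# "pass out ... keep state" rule for the reply traffic, which is the
# pattern that produced the truncated pages described above.
#
# Reads pf.conf from the file named in $1, or from stdin when no file is
# given. Prints each stateless "pass in" rule with its line number; exit
# status is 0 when every "pass in" rule is stateful and 1 otherwise.
# Rules continued across lines with a trailing backslash are not joined
# (assumption: one rule per line).
stateless_pass_in() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        /^[ \t]*pass[ \t]+in[ \t]/ || /^[ \t]*pass[ \t]+in$/ {
            if ($0 !~ /(keep|modulate|synproxy)[ \t]+state/) {
                printf "%d: %s\n", NR, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed ruleset mirroring the rules quoted in the thread ($ext_if
# macro assumed); the port-80 and port-25 rules are the stateless originals,
# the port-53 rule already has the fix applied.
sample=$(cat <<'EOF'
ext_if = "fxp0"
pass out on $ext_if proto { tcp, udp } all keep state
pass in quick on $ext_if proto { tcp, udp } from any to any port 80
pass in quick on $ext_if proto { tcp, udp } from any to any port 25
pass in quick on $ext_if proto { tcp, udp } from any to any port 53 keep state
EOF
)

# Reports lines 3 and 4 of the sample and exits 1.
printf '%s\n' "$sample" | stateless_pass_in \
    || echo "stateless 'pass in' rules found; add 'keep state' to them"
```

On FreeBSD 7.0 and later, PF (imported from OpenBSD 4.1) makes pass rules stateful with "flags S/SA keep state" by default, so this check is relevant to older rulesets like the one in this thread or to rules written with "no state".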