
new user - NT4 POP3 mail client won't pass firewall



I am trying to firewall (OpenBSD 3.0) my NT4 (sp6 128 bit) box but have not
found an answer to passing my POP3 mail client to ISP. I have read many
FAQs and How-Tos and borrowed liberally, without success. I am running
Eudora 4.02 and it works fine if not behind the firewall. I can successfully
ping and browse (Netscape 4.78) through the firewall. 

Thank you in advance for help.

My pf, nat and dhcpd confs follow:
# +++++
# Definitions
# +++++
external="ep0"
internal="vr0"
spoofed="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 }"
inSvcsTCP = "{ ssh, auth, https }"
outSvcsTCP = "{ http, https, pop3, imap3, whois, domain, ntp, auth, nntp }"
outSvcsUDP = "{ pop3, imap3, domain, ntp }"

RealAudio = "{ 554, 7070, 8080 }"

# +++++
# Clean up fragged and abnormal packets
# +++++
scrub in on { $external, $internal } all
# +++++

# +++++
# drop spoofed packets
# +++++
block in  quick on $external from $spoofed to any
block out quick on $external from any      to $spoofed

# +++++
# default case
# +++++
block in       on $external all
block out      on $external all
pass in  quick on $internal all
pass out quick on $internal all

block in  quick inet6 all
block out quick inet6 all
# +++++

# +++++
# quietly drop broadcasts
# +++++
block in quick on $external from any to 255.255.255.255
# +++++

# +++++
# Pass Rules
# +++++

# ALL - for debugging purposes
#pass out quick on $external all keep state

# ICMP - ping
pass out quick on $external inet proto icmp all icmp-type 8 code 0 keep state

# Std services sought
pass out quick on $external inet proto udp from any to any port $outSvcsUDP keep state
pass out quick on $external inet proto tcp from any to any port $outSvcsTCP flags S/SA modulate state

# Special services sought
pass out quick on $external inet proto tcp from any to any port $RealAudio flags S/SA modulate state

#	$OpenBSD: nat.conf,v 1.4 2001/07/09 23:20:46 millert Exp $
#
# See nat.conf(5) for syntax and examples
#
# replace ext0 with external interface name, 10.0.0.0/8 with internal network
# and 192.168.1.1 with external address
#
# nat: packets going out through ep0 with source address 10.0.0.0/24 will get
# translated as coming from 24.65.23.155. a state is created for such packets,
# and incoming packets will be redirected to the internal address.

nat on ep0 from 10.0.0.0/24 to any -> ep0

#5 rdr: packets coming in through ep0 with destination 24.65.23.155:1234 will
# be redirected to 10.0.0.9:5678. a state is created for such packets, and
# outgoing packets will be translated as coming from the external address.

# rdr on ep0 proto tcp from any to 24.65.23.155/32 port 1234 -> 10.0.0.9 port 5678


#	$OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:		10.0.0.0/255.255.255.0
# Domain name:		??.com
# Name servers:		192.168.1.3 and 192.168.1.5
# Default router:	10.0.0.1
# Addresses:		10.0.0.9 - 10.0.0.255
#
shared-network LOCAL-NET {
	option  domain-name-servers 24.64.223.195, 24.64.223.212;

	subnet 10.0.0.0 netmask 255.255.255.0 {
		option routers 10.0.0.1;

		range 10.0.0.9 10.0.0.127;
	}
}


Brendan Donald
b.donald@shaw.ca