Re: PF and Raptor SMTP gateway incompatible?
On Sun, 16 Jun 2002, Dries Schellekens wrote:
> On Sun, 16 Jun 2002, Marco Radzinschi wrote:
>
> > I want to thank everyone for responding to this, in particular Mike
> > Lewinski for the tcpdump and Darren Reed for some insight.
> >
> > From what I understand of this, the return-rst fix may or may not work on
> > OpenBSD 3.1's pf, correct?
> >
> > I will try to get it to work, but if it does not work, it seems I have
> > three options:
>
> It will work with the return-rst rule. Another option is to add a
> stateless rule, so no keep state.
>
>
> Dries
> --
> Dries Schellekens
> email: gwyllion@ulyssis.org
I am writing once again because I cannot get this thing to work.
# telnet mail.lawpga.com 25
times out. If anyone can tell me just where to place the block return-rst
rule to make this work, I would be most appreciative. If not, I will have
to scrap OpenBSD on these boxes. This is not something I want to do, but
I have to get this to work, one way or another.
Thanks in advance,
- Marco Radzinschi
Below are my /etc/nat.conf and /etc/pf.conf files:
firewall# ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
media: Ethernet autoselect (10baseT)
status: active
inet6 fe80::201:2ff:fec5:d1c0%xl0 prefixlen 64 scopeid 0x1
inet 68.32.62.39 netmask 0xfffffc00 broadcast 68.32.63.255
firewall# pfctl -sn
nat on xl0 from 192.168.1.0/24 to any -> 68.32.62.39
rdr on xl0 proto tcp from any to any port 21 -> 192.168.1.2 port 21
rdr on xl0 proto tcp from any to any port 22 -> 192.168.1.2 port 22
rdr on xl0 proto tcp from any to any port 23 -> 192.168.1.2 port 23
rdr on xl0 proto tcp from any to any port 25 -> 192.168.1.2 port 25
rdr on xl0 proto tcp from any to any port 110 -> 192.168.1.2 port 110
rdr on xl0 proto udp from any to any port 123 -> 192.168.1.2 port 123
rdr on xl0 proto tcp from any to any port 587 -> 192.168.1.2 port 587
firewall# pfctl -sr
@0 scrub in all
@1 block in on xl0 all
@2 pass out on xl0 all keep state
@3 pass in proto icmp all
@4 pass in on xl0 proto tcp from any to any port = auth
@5 pass in on xl0 proto tcp from any to any port = ftp
@6 pass in on xl0 proto tcp from any to any port = telnet
@7 pass in on xl0 proto tcp from any to any port = smtp
@8 pass in on xl0 proto tcp from any to any port = pop3
@9 pass in on xl0 proto udp from any to any port = ntp
@10 pass in on xl0 proto udp from any to any port = submission
@11 block return-rst in on xl0 inet proto tcp from any to 68.32.62.39/32
firewall#
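The following is an added example, not the poster's configuration and not a diagnosis of the timeout above; it shows the two pf facts that decide where a block return-rst rule belongs. First, filter rules are evaluated top to bottom and the last matching rule wins unless a rule carries quick. Second, the rdr rules in /etc/nat.conf rewrite the destination address before the filter rules run, so for the redirected ports the filter sees 192.168.1.2, not 68.32.62.39; in the ruleset as listed, @11 therefore never matches the redirected ports and only out-ranks @4 (port auth), and rule @10 passes udp port submission while the corresponding rdr is for tcp port 587. The interface name, addresses and services are taken from the listing; that ssh should be passed (port 22 is redirected but no pass rule exists for it) is an assumption.

```pf
# Added example, not the poster's configuration.  Filter rules only,
# for /etc/pf.conf on a 3.1-era system; the nat/rdr rules are assumed
# to stay in /etc/nat.conf exactly as shown in the pfctl -sn output.
#
# Assumed (taken from the listing, not verified): xl0 is the external
# interface with address 68.32.62.39 and 192.168.1.2 is the internal
# host that receives the redirected services.

scrub in all

# Default deny on the external interface.  pf evaluates filter rules
# top to bottom and the LAST matching rule wins unless a rule says
# "quick", so the default block goes first and the exceptions follow.
block in on xl0 all

# Refuse TCP to the firewall's own address with a RST instead of a
# silent drop.  Placed here, before the pass rules, it is overridden
# for any port a later pass rule allows.  As the last rule (rule @11
# in the listing) it would instead be the final match for every TCP
# packet still addressed to 68.32.62.39 when it reaches the filter,
# which in that ruleset is only port auth (rule @4), because the
# redirected ports have already been rewritten to 192.168.1.2.
block return-rst in on xl0 inet proto tcp from any to 68.32.62.39/32

# Equivalent alternative: "quick" makes the first matching rule final,
# so a quick rule wins outright wherever it sits, e.g.
#   block return-rst quick in on xl0 inet proto tcp from any to 68.32.62.39/32
# A quick rule at the bottom would also beat any pass rule above it
# for the same packets, so place it with that in mind.

pass out on xl0 all keep state
pass in on xl0 inet proto icmp all

# The rdr rules rewrite the destination before filtering, so inbound
# packets for the redirected services arrive here with destination
# 192.168.1.2.  Match the translated address and keep state so the
# replies are allowed back out.
pass in on xl0 inet proto tcp from any to 192.168.1.2 port ftp flags S/SA keep state
# Assumed wanted: port 22 is redirected in nat.conf but the listing has
# no pass rule for it.
pass in on xl0 inet proto tcp from any to 192.168.1.2 port ssh flags S/SA keep state
pass in on xl0 inet proto tcp from any to 192.168.1.2 port telnet flags S/SA keep state
pass in on xl0 inet proto tcp from any to 192.168.1.2 port smtp flags S/SA keep state
pass in on xl0 inet proto tcp from any to 192.168.1.2 port pop3 flags S/SA keep state
# The rdr for 587 is tcp; the listing's rule @10 passes udp submission,
# which no rdr rule feeds.
pass in on xl0 inet proto tcp from any to 192.168.1.2 port submission flags S/SA keep state
pass in on xl0 inet proto udp from any to 192.168.1.2 port ntp keep state

# Port 113 (auth) is not redirected, so it is addressed to the firewall
# itself.  With the block return-rst rule above and no pass rule for
# it, pf answers such probes with a RST at once instead of letting the
# remote side wait for a timeout.  (The listing passed it to the
# firewall, whose TCP stack, if nothing is listening, would also reply
# with a RST.)
```

After loading with pfctl -R /etc/pf.conf and pfctl -N /etc/nat.conf, pfctl -sr shows the rules in evaluation order, so the block return-rst rule should print before the pass rules rather than after them as in the listing above.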