Date:      Tue, 13 May 2008 13:53:31 +1200
From:      "Mark Pagulayan" <m.pagulayan@auckland.ac.nz>
To:        <freebsd-pf@freebsd.org>
Subject:   smtp not working with state modulation
Message-ID:  <C65291A68BAF57499B18564A1EE4A761370D3C@UXCHANGE1.UoA.auckland.ac.nz>

Hi Guys,

OS: FreeBSD 7.0-RELEASE

I am having trouble allowing external SMTP requests through the firewall
with "modulate state". But with "keep state" it is working fine.

Here are my rules below in pf:

ext_if="em1"
int_if="em0"

scrub in on $ext_if

block in log on $ext_if all
block return out log on $ext_if all

pass in log quick on $int_if
pass out log quick on $int_if

pass log quick on $ext_if proto tcp from any to 192.168.1.1 port 25 modulate state flags S/SA

block in log quick on $ext_if proto tcp from any to any port 25

When I try to telnet from my PC (192.169.1.2)

telnet 192.168.1.1 25

I get a "Connection Failed" error.

Checking tcpdump on interface pflog0, here is what it shows.

========================================================================

[root@fw4 /home/mark]# tcpdump -netti pflog0  port 25
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes

1210641823.095857 rule 4/0(match): pass in on em1: 192.168.1.2.2573 > 192.168.1.1.25:  tcp 28 [bad hdr length 0 - too short, < 20]

========================================================================

Your help would be most appreciated.

Cheers,

Mark