spamd + pf but with bridging
Nico De Dobbeleer
nico at elico-it.be
Tue Sep 21 12:37:38 UTC 2010
Hello,
I've a question. I'm using a FreeBSD box with the pf firewall as a shared firewall (customers need public IPs), so there's a bridge between the external and internal interfaces with no IPs defined. There's also a management interface, mng_if, for me to log on to the firewall.
I now want to set up spamd on the firewall, but when I'm redirecting to the external interface:
# redirect to spamd
rdr pass inet proto tcp from <spamd-white> to $ext_if port \
    smtp -> 127.0.0.1 port smtp
rdr pass inet proto tcp from <spamd> to $ext_if port \
    smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from !<spamd-mywhite> to $ext_if port \
    smtp -> 127.0.0.1 port spamd
# mail!
pass in log inet proto tcp from any to $ext_if port smtp flags S/SA \
    synproxy state
pass out log inet proto tcp from $ext_if to any port smtp flags S/SA \
    synproxy state
It gives me the following errors:
firewall# pfctl -f /etc/pf-bridge.conf
no IP address found for em0
/etc/pf-bridge.conf:119: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:120: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:121: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:124: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:125: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
When I set it to the mng_if (which has an IP but is not used to bridge traffic), it's OK, but as it seems there's no traffic going over mng_if, it's useless.
Does anyone have an idea?
With kind regards,
Nico De Dobbeleer