smtp not working with state modulation
Mark Pagulayan
m.pagulayan at auckland.ac.nz
Tue May 13 02:17:54 UTC 2008
Hi Guys,
OS: FreeBSD 7.0-RELEASE
I am having trouble allowing external SMTP requests through the firewall
with "modulate state". But with "keep state" it is working fine.
Here are my rules in pf:
ext_if="em1"
int_if="em0"
scrub in on $ext_if
block in log on $ext_if all
block return out log on $ext_if all
pass in log quick on $int_if
pass out log quick on $int_if
pass log quick on $ext_if proto tcp from any to 192.168.1.1 port 25 modulate state flags S/SA
block in log quick on $ext_if proto tcp from any to any port 25
When I try to telnet from my PC (192.169.1.2)
telnet 192.168.1.1 25
I get a "Connection Failed" error.
Checking the tcpdump on interface pflog0, here is what it shows.
========================================================================
[root@fw4 /home/mark]# tcpdump -netti pflog0 port 25
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
1210641823.095857 rule 4/0(match): pass in on em1: 192.168.1.2.2573 > 192.168.1.1.25: tcp 28 [bad hdr length 0 - too short, < 20]
========================================================================
Your help would be most appreciated.
Cheers,
Mark