Hello,

On Wed, 20 Feb 2008, Albert Chin wrote:

On Wed, Feb 20, 2008 at 08:55:44AM +0100, Stefan Kell wrote:
-------- Original Message --------
Date: Tue, 19 Feb 2008 22:36:20 -0600
From: Albert Chin <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Sending mail from external firewall to external mail server (behind firewall)

... snip...

  rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
    port = smtp -> $emma_gw

From the Internet, if I "telnet 67.95.107.111 25", everything works.
But, on hammer:
  hammer% telnet 67.95.107.111 25
  Trying 67.95.107.111...
  telnet: connect to address 67.95.107.111: Connection refused

... snip ...

see "man pf.conf", especially paragraph "Translation rules apply
only to packets that pass through the specified interface,..."

Thanks. I've changed my pf rule from:
 rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
   port = smtp -> $emma_gw
to:
 rdr pass log inet proto tcp from any to $mail_ip \
   port = smtp -> $emma_gw

This certainly helps for hosts on the local network. But, the issue
with "telnet 67.95.107.111 25" not working on hammer remains.

BTW, we are running OpenBSD 4.0 on x86.


Have a look at the pf-FAQ, see "http://www.openbsd.org/faq/pf/rdr.html".
Your problem is discussed there. I think you cannot test redirection on
the firewall itself because the packets won't reach the redirection
stuff in pf.

Regards

Stefan Kell
