Victor Lyapunov wrote:
Hi all,
I have production network with FreeBSD box acting as firewall. The
problem emerge as soon as users send mail with attachments. (Sending
mail without attachments always succeeds). Basically, when a user
tries to send a message, only part of it transmitted before connection
is interrupted and sending fails. The problem persists only when pf is
enabled.
My ruleset:
scrub in all fragment reassemble
block drop on em0 all
pass inet proto tcp from 192.168.0.0/24 to any port = smtp flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3 flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = imap flags S/SA keep state
pass inet proto tcp from 192.168.0.0/24 to any port = smtps flags S/SA
keep state
pass inet proto tcp from 192.168.0.0/24 to any port = pop3s flags S/SA
keep state
pass proto udp from any to any port = domain keep state
[...]
Is this only for client submitting (imap) or even for incoming mails
from outside via smtp?
What about outgoing traffic from the machine?
Try the following in pf.conf to see why this happens
set loginterface pflog0
set block-policy drop
set skip on lo0
block drop in log on em0 all
pass out log on em0 all
Now use tcpdump to see which rule drops the traffic
#> tcpdump -net -i pflog0
--
olli
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
