Victor Lyapunov wrote:
Thanks for your answer, olli.

As I send mail not from my FreeBSD server, but rather from the clients
on the local network, here's what I did:

my pf.conf:
set loginterface pflog0
set block-policy drop
set skip on lo0
block drop log on em0 all
pass log inet proto tcp from 192.168.0.0/24 to any port {smtp, pop3, imap, smtps, pop3s} flags S/SA keep state
pass log proto udp from any to any port = domain keep state


# tcpdump -net -i pflog0
Now I went to a Windows computer and tried to send an email with
an attachment to gmail.com (sending failed at 2%).

Here's what I got in my pflog:

rule 4/0(match): pass in on em0: (tos 0x0, ttl 128, id 19860, offset 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 > 209.85.129.111.465: [|tcp]


rule 4/0(match): pass out on em0: (tos 0x0, ttl 127, id 19860, offset 0, flags [DF], proto TCP (6), length 48) 192.168.0.5.1822 > 209.85.129.111.465:  tcp 28 [bad hdr length 0 - too short, < 20]

Why is the [DF] bit set?

Can you try with the following pf option:
scrub all no-df
