I'm trying to get a simple pf setup working, but I'm missing something... I have three hosts, Alice, Bob & Charlie.

Alice & Bob are SMTP servers and need to talk to each other via SMTP. Charlie is an OpenBSD 3.7 box with 2 NICs. I *have* enabled IP routing by doing: "sysctl net.inet.ip.forwarding=1"

I have no need to actually NAT the Alice & Bob addresses (unless anyone says that I should); I'm just using NAT as I assume that I have to use NAT to allow the packets through PF.

In my /etc/pf.conf I've got:

    # (the macros $alice, $bob, $alice_if and $bob_if are defined earlier in the file; not quoted here)
    scrub in

    binat from $alice to any -> $alice

    block all

    # Allow packets from Alice to Bob
    pass in on $alice_if proto tcp from $alice to $bob port 25 keep state
    pass out on $bob_if proto tcp from $alice to $bob port 25 keep state

    # Allow packets from Bob to Alice
    pass in on $bob_if proto tcp from $bob to $alice port 25 keep state
    pass out on $alice_if proto tcp from $bob to $alice port 25 keep state

With this, I can "telnet bob 25" from alice and it works fine. However, I can't do "telnet alice 25" from bob.

I tried adding the line:

    binat from $bob to any -> $bob

but that didn't appear to make any difference.

If I disable pf, then everything works fine (so I know routing tables, etc. are correct).

Can someone help me out here? Am I approaching this the right way, or is there a "better" way to do this?

Thanks,

GTG
Gordon Ross, Network Manager/Rheolwr Rhydwaith
Countryside Council for Wales/Cyngor Cefn Gwlad Cymru
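For reference, here is an added example of a pf.conf that filters routed SMTP traffic between two hosts on a two-NIC OpenBSD router of the 3.x era without any nat/binat rules. It is not the poster's configuration and not taken from the OpenBSD tree; the interface names and addresses are placeholders that you would replace with your own. It relies on two things that hold for pf on OpenBSD 3.7: a forwarded packet is filtered like any other packet, so no translation rule is needed to let it through, and the default state policy is "floating", so a state created by a "pass in" rule on one interface also matches the same connection when it leaves on the other interface.

```pf
# Added example (not from the original post). Placeholder macros:
alice_if = "fxp0"            # NIC facing Alice's network (placeholder)
bob_if   = "fxp1"            # NIC facing Bob's network (placeholder)
alice    = "192.0.2.10"      # placeholder address
bob      = "198.51.100.20"   # placeholder address
smtp     = "25"

# Normalise fragments and odd TCP options on every interface.
scrub in all

# No nat/binat: plain routing between the two NICs needs no translation,
# pf simply filters the forwarded packets.

# Default deny, and log what is dropped so "pflog0" shows why a
# connection fails instead of guessing.
block log all

# Loopback traffic is never interesting here.
pass quick on lo0

# Drop packets arriving on the wrong NIC for their source address.
antispoof quick for { $alice_if, $bob_if }

# Alice -> Bob: the "pass in" rule creates the state; because the
# state policy is floating (the default), the reply packets and the
# forwarded packets on $bob_if match that state.  The "pass out" rules
# are kept explicit so the policy reads the same in both directions.
pass in  on $alice_if proto tcp from $alice to $bob   port $smtp flags S/SA keep state
pass out on $bob_if   proto tcp from $alice to $bob   port $smtp keep state

# Bob -> Alice: the mirror image.
pass in  on $bob_if   proto tcp from $bob   to $alice port $smtp flags S/SA keep state
pass out on $alice_if proto tcp from $bob   to $alice port $smtp keep state
```

Before loading it, syntax-check it with "pfctl -nf /etc/pf.conf", then load with "pfctl -f /etc/pf.conf". To see which rule is dropping a connection, run "tcpdump -n -e -ttt -i pflog0" on the router while repeating the telnet test; the rule number printed there can be matched against "pfctl -vs rules". "pfctl -ss" lists the state entries, which shows whether the "pass in" rule ever created a state for the failing direction.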