I have been trying to set up a mail server on its own NIC from my
OpenBSD firewall. Everything works from within my network, but I can't
connect to the server from the internet, either by sending a mail or
by telnetting to port 25.

So you can see the setup, netstat gives the following output:

---
Routing tables

Internet:
Destination   Gateway            Flags   Refs      Use   Mtu  Prio Iface
default       n.n.n.1            UGS        3    77029     -     8 gem0 
10.0.0/24     link#2             UC         2        0     -     4 rl0  
10.0.0.1      00:30:bd:36:e6:2a  UHLc       0        5     -     4 lo0  
10.0.0.2      00:03:bc:0b:6a:cf  UHLc       1      250     -     4 rl0  
10.0.1/24     link#3             UC         1        0     -     4 rl1  
10.0.1.254    00:03:bc:44:52:e5  UHLc       1   114545     -     4 rl1  
n.n.n/24      link#1             UC         1        0     -     4 gem0 
n.n.n.1       x:x:x:x:x:x        UHLc       1        0     -     4 gem0 
n.n.n.nn      127.0.0.1          UGHS       0        0 33152     8 lo0  
127/8         127.0.0.1          UGRS       0        0 33152     8 lo0  
127.0.0.1     127.0.0.1          UH         3     1358 33152     4 lo0  
224/4         127.0.0.1          URS        0        0 33152     8 lo0 
---

where n.n.n.nn is the ISP-provided internet address.

I chopped my pf.conf down to a minimum for testing, and here it is:

---

mail_server     = "rl0"

set skip on lo

# NAT

match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log all

pass out log all

pass in log quick inet from $mail_server to any

pass in log quick on egress inet proto tcp to any port smtp rdr-to $mail_server

---

The rule allowing port 25 is hit, as shown in the log:

Aug 01 14:12:15.010964 rule 3/(match) pass in on gem0: a.a.a.a.30743 >
n.n.n.nn.25: S 3000212935:3000212935(0) win 65535 <mss 1460,nop,wscale
1,nop,nop,timestamp 1083494599 0,[|tcp]> (DF)

a.a.a.a in this case was an external mail provider.

< please ignore the rule number in this, there are many examples I have
tried with different rulesets, but the end result is the same >

but using tcpdump I can see that no packet actually hits rl0.

Please can someone point out the error of my ways?

This is on OpenBSD 5.0-release, sparc64.

Thanks.

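For reference, here is how that redirect is normally written. This is an added example ruleset, not the original poster's pf.conf and not a fix the poster reported. The point it illustrates comes from pf.conf(5): an interface name used in an address position expands to that interface's own address(es). With `mail_server = "rl0"`, `rdr-to $mail_server` therefore rewrites the destination to the firewall's rl0 address (10.0.0.1 in the routing table above), which the kernel delivers locally, so nothing is forwarded onto the rl0 wire; the same expansion makes `from $mail_server` mean "from 10.0.0.1", not "from the mail host". The macro should hold the mail host's address instead. The address 10.0.0.2 (the only other host on that network in the posted routing table) and the `$int_if` macro are assumptions of this example.

```pf
# Added example ruleset, not the poster's configuration.
# Assumption: the mail host is 10.0.0.2 and is reached through rl0.
int_if      = "rl0"
mail_server = "10.0.0.2"   # a host address; an interface name here would
                           # expand to the firewall's own rl0 address

set skip on lo

# NAT: anything not already carrying an external source address goes out
# with the external interface's primary address.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log all
pass out log all

# Let the internal network (including the mail host) through the firewall.
pass in log quick on $int_if inet from ($int_if:network) to any

# Inbound SMTP: only traffic addressed to the firewall's external address,
# destination rewritten to the mail host and passed in one rule.
pass in log quick on egress inet proto tcp to (egress) port smtp rdr-to $mail_server
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then `pfctl -sr` to see the rules as pf expanded them: the `rdr-to` target should read 10.0.0.2, not 10.0.0.1. After an external connection attempt, `pfctl -ss` should show a tcp state with 10.0.0.2:25 as the translated side, and `tcpdump -ni rl0 port 25` should now see the SYN leaving towards the mail host.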