On Tue, Dec 17, 2013 at 5:30 PM, Aaron <kmiy...@comcast.net> wrote:
> Did you enable forwarding?
>
> net.inet.ip.forwarding

Yes. Packets are being forwarded without problems, and it's working as a
firewall exactly as you'd expect for outbound traffic. I can browse the
web etc. But something strange is going on. Not only do I get problems
with EHLO vs HELO, but also I can't ssh from the firewall into my internal
mail server and if I ping it, it only works once:

# ping riva
PING riva.astradyne.corp (192.168.8.10): 56 data bytes
64 bytes from 192.168.8.10: icmp_seq=0 ttl=64 time=0.180 ms
ping: sendto: No route to host
ping: wrote riva.astradyne.corp 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote riva.astradyne.corp 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote riva.astradyne.corp 64 chars, ret=-1

It's as if something is allowing through a handful of packets and then
blocking subsequent ones. I wouldn't mind so much if I had a log telling
me what was being blocked and why. At least then I'd have a clue what was
going on and could adjust my pf.conf to fix it. But no, the packets just
seem to disappear into the ether.

Tet

-- 
"Java is a DSL for taking large XML files and converting them to stack
traces" -- Bulat Shakirzyanov