On 2013-12-17 Tue 17:05 PM |, Tethys wrote:
> On Tue, Dec 17, 2013 at 4:43 PM, Craig R. Skinner
> <skin...@britvault.co.uk> wrote:
>
> > I guess you have net.inet<something>.forwarding=1 in /etc/sysctl.conf
>
> Yes, I do. I can browse the web etc from inside the firewall without problems.
>
> > Does the firewall also know where to forward external traffic to your
> > internal mail server? (NON-NAT)
>
> I have:
>
> pass in on $ext inet proto tcp from $mx to $loki_ext port smtp
> rdr-to $riva port smtp keep state
>
> $ext is the firewall's external interface. $mx expands to the IP
> addresses of my MX servers. $loki_ext is the external IP address of my
> firewall, and $riva is my internal mail server.
>

There might be some other rule later on that's blocking it. Scan through the output of:

$ sudo pfctl -sr
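
An added example, not part of the original message: pf applies the last matching rule unless a rule is marked quick, so a block rule listed after the rdr-to rule can override it. The filter below reads `pfctl -sr` style text and lists the block rules that follow the SMTP redirect and could apply to port 25. The function names, the interface em0, the addresses and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Reads `pfctl -sr` style output on stdin and prints "<line>: <rule>" for
# each block rule found after the first SMTP rdr-to rule.
pf_later_smtp_blocks() {
    awk '
        # Remember the line of the first rule that redirects SMTP.
        !seen && /rdr-to/ && /port = (smtp|25)( |$)/ { seen = NR; next }
        # After it, a block rule is a candidate when it has no port
        # restriction at all, or when it names the SMTP port.
        seen && $1 == "block" {
            if ($0 !~ / port / || $0 ~ /port = (smtp|25)( |$)/)
                print NR ": " $0
        }
    '
}

# Constructed sample, written in the style of `pfctl -sr` output
# (documentation addresses; not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
block return all
pass out all flags S/SA
pass in on em0 inet proto tcp from 192.0.2.10 to 198.51.100.1 port = 25 flags S/SA rdr-to 10.0.0.25 port 25
block drop in on em0 inet proto tcp from any to any port = 23
block drop in on em0 inet proto tcp from any to any port = 25
block drop in quick on em0 inet from 203.0.113.0/24 to any
EOF
}

# Demo on the constructed sample; on the firewall itself, pipe in
# `sudo pfctl -sr` instead of sample_ruleset.
sample_ruleset | pf_later_smtp_blocks
```

The listed rules are candidates only; whether one actually matches the mail traffic still depends on its interface, direction and addresses.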