I think that you will have to track down the packets.
tcpdump can be the solution, or disable blocking while you find the offensive
rule, then fix it!


> Date: Tue, 17 Dec 2013 17:56:33 +0000
> To: misc@openbsd.org
> Subject: Re: Bizarre pf/sendmail interaction
> From: skin...@britvault.co.uk
>
> On 2013-12-17 Tue 17:05 PM |, Tethys wrote:
> > On Tue, Dec 17, 2013 at 4:43 PM, Craig R. Skinner
> > <skin...@britvault.co.uk> wrote:
> >
> > > I guess you have net.inet<something>.forwarding=1 in /etc/sysctl.conf
> >
> > Yes, I do. I can browse the web etc from inside the firewall without
> > problems.
> >
> > > Does the firewall also know where to forward external traffic to your
> > > internal mail server? (NON-NAT)
> >
> > I have:
> >
> >     pass in on $ext inet proto tcp from $mx to $loki_ext port smtp rdr-to $riva port smtp keep state
> >
> > $ext is the firewall's external interface. $mx expands to the IP
> > addresses of my MX servers. $loki_ext is the external IP address of my
> > firewall, and $riva is my internal mail server.
> >
>
> There might be some other rule later on that's blocking it.
>
> Scan through the output of:
> $ sudo pfctl -sr
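
Added example, not part of the original thread: a Python sketch that combines the two suggestions above by matching blocked SMTP packets seen on the pflog interface (`tcpdump -n -e -ttt -i pflog0`) to the numbered rules printed by `pfctl -vvsr`. It assumes the block rules carry `log`; the interface name, addresses, rules and log lines below are constructed samples.

```python
import re
from collections import Counter

# Constructed sample of `pfctl -vvsr` output; -vv prefixes each rule with @N.
PFCTL_VVSR = """\
@0 block return log all
  [ Evaluations: 120  Packets: 4  Bytes: 240  States: 0 ]
@1 pass out log quick on em0 all flags S/SA
@2 pass in on em0 inet proto tcp from 192.0.2.10 to 198.51.100.1 port = smtp flags S/SA rdr-to 10.0.0.5 port 25
@3 block return in log on em0 proto tcp from any to any port = smtp
"""

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output.
PFLOG = """\
Dec 17 17:05:01.000001 rule 3/(match) block in on em0: 192.0.2.10.40112 > 198.51.100.1.25: S 1:1(0) win 16384
Dec 17 17:05:04.000001 rule 3/(match) block in on em0: 192.0.2.10.40113 > 198.51.100.1.25: S 2:2(0) win 16384
Dec 17 17:05:06.000001 rule 1/(match) pass out on em0: 198.51.100.1.5000 > 203.0.113.9.80: S 3:3(0) win 16384
Dec 17 17:05:09.000001 rule 0/(match) block in on em0: 203.0.113.7.5555 > 198.51.100.1.23: S 4:4(0) win 16384
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
LOG_RE = re.compile(r"rule (\d+)/\(match\) (block|pass) (?:in|out) on \S+: "
                    r"\S+\.\d+ > \S+\.(\d+):")

def parse_rules(vvsr_text):
    """Map rule number -> rule text, skipping the bracketed counter lines."""
    rules = {}
    for line in vvsr_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[int(m.group(1))] = m.group(2).strip()
    return rules

def blocking_rules(vvsr_text, pflog_text, dst_port=25):
    """Return (rule number, hit count, rule text) for rules that blocked dst_port."""
    rules = parse_rules(vvsr_text)
    hits = Counter()
    for line in pflog_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(2) == "block" and int(m.group(3)) == dst_port:
            hits[int(m.group(1))] += 1
    return [(n, c, rules.get(n, "<rule not in listing>")) for n, c in hits.most_common()]

if __name__ == "__main__":
    for number, count, text in blocking_rules(PFCTL_VVSR, PFLOG):
        print(f"rule @{number} blocked {count} SMTP packet(s): {text}")
```

In the constructed ruleset the later block rule @3 wins over the earlier `pass ... rdr-to` rule @2, because pf applies the last matching rule unless an earlier one is marked `quick`.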
