Make sure you're setting a state.
I had the same problem with gmail, and then I realized that I had
accidentally preempted the rule which was setting state on my DMZ
interface. Once I fixed that I didn't have any more problems.
--
chort
On Jun 24, 2008, at 10:56 AM, Monah Baki wrote:
Thanks all for all the help.
Reason I was asking is I have this strange issue.
First my pf.conf (snipped) is:
+++++++++++++++++++++
int_if="xl0"
ext_if="xl1"
external_addr="tun0"
tcp_services = "{ 22, 25, 53, 80, 110, 143, 443, 554, 6667, 1220, 1863, \
3128, 5060, 5061, 5190, 6667, 8000, 8021, 8080, 8085, 9090, 10000 }"
udp_services = "{ 53, 113 }"
set loginterface $external_addr
set loginterface $ext_if
# set block-policy drop
scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
pass quick on lo0 all
block in log
pass out keep state
antispoof quick for { lo $int_if }
pass out quick on $int_if proto tcp from any to $mail_srvr port 25
pass log quick on $external_addr
pass quick on $ext_if
++++++++++++++++++++++
If I change "pass log quick on $external_addr" to "pass in log quick on
$external_addr from any to any port $tcp_services", I can no longer
receive email from certain domains (gmail.com, guru.com and customers).
However I can receive email from my work and from hotmail. When I issue
the tcpdump -i pflog, I do not see any (block), but I do not receive the
mails at all.
After a couple of days, Google responds with:
"timeout after EHLO from yw-out-1718.google.com[74.125.46.157]"
and "timeout after EHLO from mail3.guru.com[216.151.125.108]"
If I switch back to "pass log quick on $external_addr" everything works.
I'm using OpenBSD 3.9 with PPPoE.
On Tue, Jun 24, 2008 at 11:06:04AM -0400, Monah Baki wrote:
| Hi all,
|
| Using tcpdump -i pflog0
|
| Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
|
| Is there a way to display what's rule 14?
BSD Networking, Microsoft Notworking
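
The state advice at the top of this thread, written out as a pf.conf fragment. This is an added example, not a rule posted by anyone in the thread: it reuses the $external_addr and $tcp_services macro names from the quoted pf.conf with a shortened, constructed port list, and "proto tcp" and "flags S/SA" are assumptions.

```pf
# Added example, not from the original thread.
external_addr = "tun0"
tcp_services  = "{ 25, 80, 443 }"   # shortened, constructed list

# As posted: inbound packets to these ports pass, but the rule creates
# no state entry. On OpenBSD 3.9 pf keeps state only when a rule says so.
# pass in log quick on $external_addr from any to any port $tcp_services

# With state: match the initial SYN and track the connection from there,
# so replies and later packets ride on the state entry.
# "proto tcp" is an assumption based on the macro's name.
pass in log quick on $external_addr proto tcp from any to any \
    port $tcp_services flags S/SA keep state
```

After reloading with "pfctl -f /etc/pf.conf", "pfctl -ss" lists the state entries, and "pfctl -vvsr" prints each rule prefixed with its number, which is the number tcpdump reports on pflog0.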