Hello everyone, I'm a newcomer in the OpenBSD world and I'm quite excited with the system.
I'm using OpenBSD as my firewall/gateway box, and now I'm getting some unforeseen behaviors. My script is very simple (as you will see below), but for some reason, my machines behind the firewall can't send large emails, or emails with attached files. This behavior is not reproducible on other links (like in my home, where my machine is just behind a DSL modem/router). This very message I'm sending via my home computer, through a remote session, since I can't send it through my local computer. I have been reading through the FAQ but didn't find anything that could help me out. Does anyone know what could be happening?

Thanks in advance and sorry for my poor English.

Here is my pf.conf file:

inet_iface="rl0"
lan_tec_iface="re0"
inet_ip="10.1.3.2"
lan_tec_ip="192.168.1.1"
lan_tec_net="192.168.1.0/24"
fileserver="192.168.1.2"
trackserver="192.168.1.3"
sininho="192.168.1.102"
snipes="192.168.1.103"
dupas="192.168.1.110"
vitor="192.168.1.155"

fw_ext_services="{ 22, 113 }"
icmp_types="{ echoreq, unreach }"

## Block-policy
set block-policy return

## Log on the external interface
set loginterface $inet_iface

## Exempt the loopback interface from all rules
set skip on lo

## Scrub all traffic (normalization)
match in all scrub (no-df)

## NAT on the external interface for all internal interfaces
nat on $inet_iface from !($inet_iface) to any -> $inet_ip

## Redirects

# FILESERVER
# openfire
rdr on $lan_tec_iface proto tcp from any to 201.22.74.237 port { 5222, 7777 } -> $fileserver
rdr on $inet_iface proto tcp from any to any port { 5222, 7777 } -> $fileserver

# TRACKSERVER
# gateway on the trackserver
rdr on $inet_iface proto udp from any to any port 8280 -> $trackserver

# SININHO
# database
rdr on $inet_iface proto tcp from any to any port 5432 -> $sininho
# vnc
rdr on $inet_iface proto tcp from any to any port 5901 -> $sininho
rdr on $inet_iface proto udp from any to any port 5901 -> $sininho
# ssh
rdr on $inet_iface proto tcp from any to any port 9132 -> $sininho

# SNIPES
# gateway
rdr on $inet_iface proto udp from any to any port 10050 -> $snipes

## Filters

# Block all traffic coming in on the external interface, by default
block in on $inet_iface

# Allow all traffic going out on any interface, by default
pass out keep state

# Allow traffic coming in on the internal interfaces
pass in on ! $inet_iface keep state

# Antispoof protection for the internal interfaces
antispoof quick for $lan_tec_iface

# Allow access to the firewall's own ports from the Internet
pass in on $inet_iface inet proto tcp from any to $inet_ip port $fw_ext_services flags S/SA keep state

pass in on ! $inet_iface inet from $lan_tec_net to any

# FILESERVER
# openfire
pass in on $inet_iface inet proto tcp from any to $fileserver port { 5222, 7777 } flags S/SA synproxy state

# TRACKSERVER
# gateway on the trackserver
pass in on $inet_iface inet proto udp from any to $trackserver port 8280

# SININHO
# database
pass in on $inet_iface inet proto tcp from any to $sininho port 5432 flags S/SA synproxy state
# vnc
pass in on $inet_iface inet proto tcp from any to $sininho port 5901 flags S/SA synproxy state
pass in on $inet_iface inet proto udp from any to $sininho port 5901
# ssh
pass in on $inet_iface inet proto tcp from any to $sininho port 9132 flags S/SA synproxy state

# Snipes
# gateway
pass in on $inet_iface inet proto udp from any to $snipes port 10050