Thanks,
Sid
[EMAIL PROTECTED] wrote:
port 443 (ms sql server traffic) is being blocked because you dont have a rule to pass it in
your ruleset allows only smtp, ssh, and https to come in, everything else is being blocked
is that the only "problem" you are having? or is the email not functioning properly either?
scott
On Tue, 18 Mar 2003, Sid Keller wrote:
I having some problems with my rulesets for an email server. The server is not behind a firewall but I have pf enabled on the server. Here is my ruleset.
############################################################################### #---------------------------------------------------------- # Variable Section #---------------------------------------------------------- int_if="fxp0" nonroute="{ 192.168.1.0/24, 172.16.0.0/12, 127.0.0.0/8, 10.0.0.0/8, 0.0.0.0/8 }" approved_mgmt_net="{ x.x.x.x }" server_ip="{ x.x.x.x }" #************************************************************************ #************************************************************************ # Firewall Rulebase Begin #************************************************************************ #************************************************************************ # #---------------------------------------------------------- # Packet Normalization (deny fragmented packets) #---------------------------------------------------------- scrub in all #---------------------------------------------------------- # Default Deny #---------------------------------------------------------- block in log all #---------------------------------------------------------- # Allow Loopback Packets pass in quick on lo0 all pass out quick on lo0 all #---------------------------------------------------------- # Drop Spoofed Packets #---------------------------------------------------------- block in log quick on $int_if from $nonroute to any block out log quick on $int_if from any to $nonroute #---------------------------------------------------------- # Drop wrong TCP Flags #---------------------------------------------------------- block in quick on $int_if inet proto tcp from any to any flags FUP/FUP #---------------------------------------------------------- #---------------------------------------------------------- # Firewall RULES #---------------------------------------------------------- pass in quick on $int_if inet proto tcp from $approved_mgmt_net to $server_ip port ssh pass in quick on $int_if inet proto tcp from any to $server_ip port https flags S/SA modulate state pass in quick on $int_if inet proto tcp from any to $server_ip port { smtp } flags S/SA modulate state #---------------------------------------------------------- # Allow Return Traffic and Connection From Firewall #---------------------------------------------------------- pass out on $int_if inet proto { tcp, udp, icmp } all keep state
Here is a snippet from my pflog file using tcpdump -n -e -ttt.
Mar 07 10:58:10.177507 rule 1/0(match): block in on fxp0: user.ip.address.1501 > my.ip.address.443: F 71818460:71818460(0) ack 3194040235 win 5549 (DF) Mar 07 10:58:10.183314 rule 1/0(match): block in on fxp0: user.ip.address.1502 > my.ip.address.443: F 71819657:71819657(0) ack 963312026 win 5549 (DF) Mar 07 11:52:59.986506 rule 1/0(match): block in on fxp0: user.ip.address.1586 > my.ip.address.443: R 75169994:75169994(0) win 0 (DF) Mar 07 11:52:59.990614 rule 1/0(match): block in on fxp0: user.ip.address.1585 > my.ip.address.443: R 75170656:75170656(0) win 0 (DF)
I'm curious as to why the above traffic is being block on port 443.
Thanks for your help. Any other suggestions concerning my ruleset would be greatly appreciated.
-- Sid Keller
