Re: Sending mail from external firewall to external mail server (behind firewall)
Hello,

Original Message
Date: Tue, 19 Feb 2008 22:36:20 -0600
From: Albert Chin [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Sending mail from external firewall to external mail server (behind firewall)

> ... snip...
>
>   rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
>     port = smtp -> $emma_gw
>
> From the Internet, if I telnet 67.95.107.111 25, everything works. But,
> on hammer:
>
>   hammer% telnet 67.95.107.111 25
>   Trying 67.95.107.111...
>   telnet: connect to address 67.95.107.111: Connection refused
>
> ... snip ...

see man pf.conf, especially paragraph

  Translation rules apply only to packets that pass through the
  specified interface,...

Regards

Stefan Kell

Re: Sending mail from external firewall to external mail server (behind firewall)
On Wed, Feb 20, 2008 at 08:55:44AM +0100, Stefan Kell wrote:
> Original Message
> Date: Tue, 19 Feb 2008 22:36:20 -0600
> From: Albert Chin [EMAIL PROTECTED]
> To: misc@openbsd.org
> Subject: Sending mail from external firewall to external mail server (behind firewall)
>
> > ... snip...
> >
> >   rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
> >     port = smtp -> $emma_gw
> >
> > From the Internet, if I telnet 67.95.107.111 25, everything works. But,
> > on hammer:
> >
> >   hammer% telnet 67.95.107.111 25
> >   Trying 67.95.107.111...
> >   telnet: connect to address 67.95.107.111: Connection refused
> >
> > ... snip ...
>
> see man pf.conf, especially paragraph
>
>   Translation rules apply only to packets that pass through the
>   specified interface,...

Thanks. I've changed my pf rule from:

  rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
    port = smtp -> $emma_gw

to:

  rdr pass log inet proto tcp from any to $mail_ip \
    port = smtp -> $emma_gw

This certainly helps for hosts on the local network. But, the issue with
telnet 67.95.107.111 25 not working on hammer remains.

BTW, we are running OpenBSD 4.0 on x86.

--
albert chin ([EMAIL PROTECTED])

Re: Sending mail from external firewall to external mail server (behind firewall)
Hello,

On Wed, 20 Feb 2008, Albert Chin wrote:
> On Wed, Feb 20, 2008 at 08:55:44AM +0100, Stefan Kell wrote:
> > Original Message
> > Date: Tue, 19 Feb 2008 22:36:20 -0600
> > From: Albert Chin [EMAIL PROTECTED]
> > To: misc@openbsd.org
> > Subject: Sending mail from external firewall to external mail server (behind firewall)
> >
> > > ... snip...
> > >
> > >   rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
> > >     port = smtp -> $emma_gw
> > >
> > > From the Internet, if I telnet 67.95.107.111 25, everything works. But,
> > > on hammer:
> > >
> > >   hammer% telnet 67.95.107.111 25
> > >   Trying 67.95.107.111...
> > >   telnet: connect to address 67.95.107.111: Connection refused
> > >
> > > ... snip ...
> >
> > see man pf.conf, especially paragraph
> >
> >   Translation rules apply only to packets that pass through the
> >   specified interface,...
>
> Thanks. I've changed my pf rule from:
>
>   rdr pass log on $ext_if inet proto tcp from any to $mail_ip \
>     port = smtp -> $emma_gw
>
> to:
>
>   rdr pass log inet proto tcp from any to $mail_ip \
>     port = smtp -> $emma_gw
>
> This certainly helps for hosts on the local network. But, the issue with
> telnet 67.95.107.111 25 not working on hammer remains.
>
> BTW, we are running OpenBSD 4.0 on x86.

Have a look at the pf-FAQ, see http://www.openbsd.org/faq/pf/rdr.html.
Your problem is discussed there. I think you cannot test redirection on
the firewall itself because the packets won't reach the redirection
stuff in pf.

Regards

Stefan Kell