Re: openbsd 5.6 - pf does not work on local redirects

2014-11-24 Thread Stuart Henderson
On 2014-11-22, Soós László soos.las...@demonhost.hu wrote: Dear List, I'm struggling to understand which change in 5.6 implied that my pf redirects do not work anymore on the openbsd host itself. It all worked okay in OpenBSD 5.5, I did not change anything in the ruleset, just updated from

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-24 Thread Soós László
More tests were conducted and I realized it did not even worked in 5.5 or in 5.4. The trick was that sendmail changed to smtpd (from 55 to 56) but config did not carry over (obviously) and no relayhost was set. Mea culpa that I did not spot it earlier. Split horizon is good solution until

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-23 Thread Soós László
So if I understand right you suspect that my ISP is filtering out the SMTP packets. My problem is the other way around. When I try externally (telnet to yy.131 port 25) it works When I try on the OpenBSD host (which is the firewall itself) it does NOT work. It looks like for me OpenBSD

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-23 Thread Jason Adams
No, I don't mean to make allegations about what your ISP is doing, just pointing out that this is not ALWAYS a firewall problem. I have seen several cases where ISPs drop any packet from the internal network that tries to enter via the external interface. Its done in the modem. In these

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-23 Thread Peter N. M. Hansteen
Jason Adams adams...@gmail.com writes: Tom Estep (shorewall) has a faq about this issue (routeback) that applies to the iptables world http://shorewall.net/4.2/FAQ.htm#faq2 also read faq2b at same link. I must confess not reading this thread too carefully, but if what that faq describes is

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-23 Thread Jason Adams
On 11/23/2014 01:12 PM, Peter N. M. Hansteen wrote: Jason Adams adams...@gmail.com writes: Tom Estep (shorewall) has a faq about this issue (routeback) that applies to the iptables world http://shorewall.net/4.2/FAQ.htm#faq2 also read faq2b at same link. I must confess not reading this

openbsd 5.6 - pf does not work on local redirects

2014-11-22 Thread Soós László
Dear List, I'm struggling to understand which change in 5.6 implied that my pf redirects do not work anymore on the openbsd host itself. It all worked okay in OpenBSD 5.5, I did not change anything in the ruleset, just updated from 5.5 - 5.6. Is there anybody who is facing similar issue with

Re: openbsd 5.6 - pf does not work on local redirects

2014-11-22 Thread Jason Adams
On 11/22/2014 12:50 PM, Soós László wrote: Telnet on the same host (command run on the OpenBSD host) - BAD, UNEXPECTED BEHAVIOUR - [root ~]# telnet yy.yy.yy.131 25 Trying yy.yy.yy.131... telnet: connect to