[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Perplexed about pf

To: <misc@openbsd.org>
Subject: Perplexed about pf
From: "Richard P. Koett" <mail-lists@telus.net>
Date: Thu, 2 Jan 2003 18:37:39 -0800

An internal mailserver is sending mail to a mailserver
in the DMZ on a 3-legged (3.2) firewall. (Internal is
running MS-Exchange, external is running Linux/Exim).

When receiving messages more than about 10-20 Kb,
the message transfer aborts with an error message like
"SMTP data timeout (message abandoned) ..."

On the intervening firewall, if I do "pfctl -F rules"
the transfers will work.

Sounds simple right? The firewall is blocking something.
However, I am at a loss to see what is getting blocked.

Every "block" statement in my pf.conf uses the "log" option,
but no blocked packets are being logged. I even tried
commenting out all the "block" statements, flushing and
reloading the rules. Still no good. Getting rid of "scrub"
did not help either. All that this leaves is NAT, and that
can't be causing transfers to die midway through.

Can anyone suggest why loading my pf rules causes
e-mail with sizeable attachments to fail, when pf is not
logging any blocked packets?

My pf.conf can be viewed at http://www.koett.ca/pf.txt

TIA,
Richard.

Follow-Ups:
- Re: Perplexed about pf
  - From: "miscbsd" <miscbsd@sapl.ab.ca>

Prev by Date: Re: Are the FSF helpful?
Next by Date: what is wrong with this rdr rule?
Prev by thread: Re: Built-In Apache & HTTPS
Next by thread: Re: Perplexed about pf
Index(es):
- Date
- Thread