Re: Strange problem with new ISP

["Ralph Utbult" <ralph.utbult@gbg.abf.se>]

Thanks all for your support!

The problem is solved - at least as far as my users are concerned...

I've set up a NetGear FVS318 as a firewall. My OpenBSD sits behind it and
runs sendmail. So, the real problem is not solved yet... I'll post it
if/when I find it!

/Ralph Utbult

>
> On Sat, 1 Feb 2003, Ralph Utbult wrote:
>
> > I've had my firewall for over four years now. It's been
> upgraded from 2.? to
> > 2.8, but not since. It hasn't caused me any trouble, until we
> changed ISP.
> > Suddenly, a lot of mail bounces (I run sendmail, cucipop, squid) and it
> > won't let me use attachments in hotmail. We have done a lot of
> work, trying
> > to find the source. As a last, I took another machine and
> installed a fresh
> > OpenBSD 3.2 on it. No sendmail configuration, no cucipop, no
> squid. The only
> > thing I've done with it is setting up PF - a small amount of
> rules, just to
> > keep me happy ;) This damn thing does the exact same as the old one,
> > refusing me to attach files in hotmail (and other web-based
> mail services)!
> > So, what is the problem? I give you my PF.conf in the hope that you find
> > something missing there.
> >
> > Regards,
> > Ralph Utbult
> >
> > # scrub in all
> >
> > enic=”xl0”	external NIC
> > inic=”de0”	internal NIC
> >
> > nat on $enic from 192.168.1.0/24 to any ->62.127.120.98
> >
> > block in log all
> > pass out on $enic all
> > pass in quick on $inic all
> > pass out quick on $inic all
> > pass in quick on lo0 all
> >
> > block in log quick on $enic from {0.0.0.0/32, 10.0.0.0/8, 127.0.0.0/8, \
> > 172.16.0.0/12, 192.168.0.0/16, 255.255.255.25/32} to any
> >
> > pass in quick on $enic inet proto icmp all icmp-type 0
> > pass in quick on $enic inet proto icmp all icmp-type 3
> > pass in quick on $enic inet proto icmp all icmp-type 11
> >
> > pass in quick on $enic inet proto tcp from any to any port 22 flags S/SA
> > keep state
> >
> > pass  out on $enic proto tcp all keep state