Mike Jackson wrote:

I have a 5.2.1 firewall box that also has a mailserver.


- firewall can send and receive mail <-> rest of the world
- firewall can send and receive mail <-> internal LAN machines
- firewall blocks internal LAN machines from connecting to
  external SMTP servers

firewall/mail gw
xl0 - public interface
xl1 - private interface (gateway ip for LAN)

I tried something like:

block out quick on xl1 proto tcp from any to any port = 25

with no effect, workstations could still get past it.

Any help would be appreciated :-)


So, you're using ipf or ipfilter, not ipfw, as I take it from your syntax.

I imagine the ipfilter gurus on the
list would like to see your entire

IIRC, your firewall is a "last match"
setup rather than "first match."  Might
have something to do with it.  If the machine
is running NAT/divert whatever, it might
well be diverting before blocking?  But I'm
wrong so often it's not very funny ... and
I use ipfw instead of ipf.....

The other thing I see; using ipfw, I'd be
blocking traffic from LAN to dst-port 25
via the *outside* interface...so, can you put
an "allow server out via 25" and then a "deny
any out via 25" on your xl0?  What does that

Kevin Kinsey
DaleCo, S.P.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to