Mike Jackson wrote:

Hi,
I have a 5.2.1 firewall box that also has a mailserver.

Goal:

- firewall can send and receive mail <-> rest of the world
- firewall can send and receive mail <-> internal LAN machines
- firewall blocks internal LAN machines from connecting to
  external SMTP servers

firewall/mail gw
-----------------------
xl0 - public interface
xl1 - private interface (gateway ip for LAN) 192.168.1.1


I tried something like:


block out quick on xl1 proto tcp from any to any port = 25

with no effect; workstations could still get past it.

Any help would be appreciated :-)

Thanks,



So, you're using ipf or ipfilter, not ipfw, as I take it from your syntax.

I imagine the ipfilter gurus on the
list would like to see your entire
ruleset.

IIRC, your firewall is a "last match"
setup rather than "first match."  Might
have something to do with it.  If the machine
is running NAT/divert whatever, it might
well be diverting before blocking?  But I'm
wrong so often it's not very funny ... and
I use ipfw instead of ipf.....

The other thing I see; using ipfw, I'd be
blocking traffic from LAN to dst-port 25
via the *outside* interface...so, can you put
an "allow server out via 25" and then a "deny
any out via 25" on your xl0?  What does that
do?

Kevin Kinsey
DaleCo, S.P.
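An ipf ruleset that meets the three goals above, added here as an example and not taken from either poster. It assumes the LAN is 192.168.1.0/24 behind xl1 (the thread only gives the gateway address 192.168.1.1), uses PUBLIC_IP as a placeholder for the address on xl0, and adds "flags S keep state" and "log" as this editor's choices.

```conf
# /etc/ipf.rules  (added example; assumptions noted below)
# Assumed: LAN = 192.168.1.0/24 on xl1, gateway = 192.168.1.1,
#          PUBLIC_IP = address of xl0 (not given in the thread).
#
# ipf is last-match: every rule is evaluated and the last one that
# matches decides, unless a rule says "quick", which ends evaluation
# at that rule. Order therefore matters for the quick rules below.
#
# A LAN host talking to an outside SMTP server enters the firewall
# *in* on xl1 and leaves *out* on xl0. It is never "out on xl1",
# which is why "block out quick on xl1 ... port = 25" had no effect.

# 1. LAN hosts may deliver mail to the gateway's own mail server.
pass in quick on xl1 proto tcp from 192.168.1.0/24 to 192.168.1.1 port = 25 flags S keep state

# 2. Any other SMTP from the LAN is dropped and logged as it arrives.
#    Filtering on the private interface means the packet is judged
#    before any NAT or forwarding decision, so ipnat cannot bypass it.
block in log quick on xl1 proto tcp from 192.168.1.0/24 to any port = 25

# 3. The gateway's mail server may send to the outside world.
pass out quick on xl0 proto tcp from PUBLIC_IP to any port = 25 flags S keep state

# 4. The outside world may deliver mail to the gateway.
pass in quick on xl0 proto tcp from any to PUBLIC_IP port = 25 flags S keep state

# 5. Nothing else may leave xl0 toward port 25. This is the check on
#    the outside interface suggested in the reply; it also catches any
#    LAN traffic that a later, non-quick rule happens to pass on xl1.
block out log quick on xl0 proto tcp from any to any port = 25
```

Check the file with `ipf -nf /etc/ipf.rules` before loading it with `ipf -Fa -f /etc/ipf.rules`, then confirm the live in/out ordering with `ipfstat -io`; the logged blocks from rules 2 and 5 are the quickest way to spot a LAN host still trying to reach outside mail servers.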
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"