Dear List,

I'm struggling to understand which change in 5.6 means that my pf redirects no longer work on the OpenBSD host itself. It all worked okay in OpenBSD 5.5; I did not change anything in the ruleset, I just upgraded from 5.5 to 5.6.

Is there anybody who is facing a similar issue with pf in OpenBSD 5.6? Is there any solution for it?



[root ~]# ifconfig em0
em0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:0c:29:xx:xx:xx
        inet yy.yy.yy.131 netmask 0xffffff00 broadcast yy.yy.yy.255

[root ~]# pfctl -sr -vv | less
...
@88 pass in quick inet proto tcp from any to yy.yy.yy.131 port = 25 flags S/SA keep state (if-bound) rdr-to 10.9.8.4
  [ Evaluations: 783       Packets: 533       Bytes: 126263 States: 1     ]
  [ Inserted: uid 0 pid 17457 State Creations: 22    ]
...

pf.conf snippet
-------------------
set skip on lo
....
pass in quick proto tcp from any to $ext_ip port smtp rdr-to $int_host_mail


Telnet from an external host (command not run on the OpenBSD host itself) - NORMAL, EXPECTED BEHAVIOUR
--------------------------------------------------------------------------------------------------
[user@neptun ~]$ telnet yy.yy.yy.131 25
Trying yy.yy.yy.131...
Connected to yy.yy.yy.131.
Escape character is '^]'.
220 xxxxxxxxxxxx  Enterprise SMTP


Telnet on the same host (command run on the OpenBSD host itself) - BAD, UNEXPECTED BEHAVIOUR
--------------------------------------------------------------------------------------------
[root ~]#  telnet yy.yy.yy.131 25
Trying yy.yy.yy.131...
telnet: connect to address yy.yy.yy.131: Connection refused

tcpdump -n -e -ttt -i lo0
-------------------------
Nov 22 21:48:00.412831 yy.yy.yy.131.45211 > yy.yy.yy.131.25: S 3874066020:3874066020(0) win 16384 <mss 32728,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1676993348 0> (DF) [tos 0x10]
Nov 22 21:48:00.412840 yy.yy.yy.131.25 > yy.yy.yy.131.45211: R 0:0(0) ack 3874066021 win 0 (DF)



Thanks,
  Laszlo

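The two pieces of evidence in the post (the per-rule counters from `pfctl -sr -vv` and the SYN answered by a RST on lo0) can be checked mechanically rather than by eye. The script below is an added example, not part of the original post or of OpenBSD: it parses a `pfctl -sr -vv` snapshot taken before and after a local `telnet` attempt and reports whether the `rdr-to` rule's Evaluations and State Creations counters moved at all (a zero delta means the connection never reached the rule), and it scans a tcpdump capture for a SYN that is immediately answered by a RST from the destination address and port, which is the "Connection refused" signature seen on lo0. The sample data is constructed from the post's output, with the documentation address 192.0.2.131 standing in for yy.yy.yy.131; the "after" snapshot showing one extra evaluation and state creation is an assumed value illustrating what a successful external connection would look like.

```python
"""Check pf rdr-to rule counters and a lo0 capture for a locally refused
connection. Added example, not from the original post or from OpenBSD.
Sample data is constructed from the post, address replaced by 192.0.2.131."""
import re

RULE_RE = re.compile(r'^@(\d+)\s+(.*)$')
COUNTER_RE = re.compile(
    r'\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)')
CREATIONS_RE = re.compile(r'State Creations:\s*(\d+)')
RDR_RE = re.compile(r'\brdr-to\s+(\S+)')
# Old-style tcpdump line: "src.sport > dst.dport: FLAGS ..."
PKT_RE = re.compile(
    r'(\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d+): ([SRFP.]+)')


def parse_rules(pfctl_output):
    """One dict per rule from `pfctl -sr -vv`: number, text, rdr-to target
    and the counters on the two bracketed lines that follow the rule."""
    rules, cur = [], None
    for line in pfctl_output.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            text = m.group(2)
            rdr = RDR_RE.search(text)
            cur = {'num': int(m.group(1)), 'text': text,
                   'rdr_to': rdr.group(1) if rdr else None,
                   'evaluations': 0, 'packets': 0, 'bytes': 0, 'states': 0,
                   'state_creations': 0}
            rules.append(cur)
            continue
        if cur is None:
            continue
        m = COUNTER_RE.search(line)
        if m:
            (cur['evaluations'], cur['packets'],
             cur['bytes'], cur['states']) = (int(x) for x in m.groups())
        m = CREATIONS_RE.search(line)
        if m:
            cur['state_creations'] = int(m.group(1))
    return rules


def rdr_rule_deltas(before, after):
    """For each rdr-to rule present in both snapshots, return
    (new evaluations, new state creations). Zero means the test
    connection was never evaluated against that rule."""
    prev = {r['num']: r for r in before}
    deltas = {}
    for r in after:
        if r['rdr_to'] is None or r['num'] not in prev:
            continue
        old = prev[r['num']]
        deltas[r['num']] = (r['evaluations'] - old['evaluations'],
                            r['state_creations'] - old['state_creations'])
    return deltas


def refused_connections(tcpdump_output):
    """Pair each plain SYN with a RST sent straight back by the destination
    address and port: the untranslated, refused connection seen on lo0."""
    pending, refused = set(), []
    for line in tcpdump_output.splitlines():
        m = PKT_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == 'S':
            pending.add((src, sport, dst, dport))
        elif 'R' in flags and (dst, dport, src, sport) in pending:
            refused.append({'client': f'{dst}:{dport}', 'target': f'{src}:{sport}'})
            pending.discard((dst, dport, src, sport))
    return refused


# Constructed sample, modelled on the post (yy.yy.yy.131 -> 192.0.2.131).
PFCTL_BEFORE = """\
@88 pass in quick inet proto tcp from any to 192.0.2.131 port = 25 flags S/SA keep state (if-bound) rdr-to 10.9.8.4
  [ Evaluations: 783       Packets: 533       Bytes: 126263 States: 1     ]
  [ Inserted: uid 0 pid 17457 State Creations: 22    ]
"""
# Assumed snapshot after one successful connection from an external host.
PFCTL_AFTER_EXTERNAL = PFCTL_BEFORE.replace('783', '784').replace('22', '23')

LO0_CAPTURE = """\
Nov 22 21:48:00.412831 192.0.2.131.45211 > 192.0.2.131.25: S 3874066020:3874066020(0) win 16384 <mss 32728,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1676993348 0> (DF) [tos 0x10]
Nov 22 21:48:00.412840 192.0.2.131.25 > 192.0.2.131.45211: R 0:0(0) ack 3874066021 win 0 (DF)
"""


def diagnose(before, after, capture):
    """Combine both checks; counters unchanged plus a SYN/RST pair on lo0
    means the local connection was refused without being translated."""
    return {'rdr_deltas': rdr_rule_deltas(parse_rules(before), parse_rules(after)),
            'refused': refused_connections(capture)}


if __name__ == '__main__':
    # Local telnet: snapshot identical before and after, RST on lo0.
    print(diagnose(PFCTL_BEFORE, PFCTL_BEFORE, LO0_CAPTURE))
```

Take the two snapshots with `pfctl -sr -vv > before; telnet yy.yy.yy.131 25; pfctl -sr -vv > after` and feed them to `diagnose()` together with the `tcpdump -n -e -ttt -i lo0` output; the same rule-number keys let you compare several redirect rules at once.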