More tests were conducted and I realized it did not even work in 5.5 or in 5.4. The trick was that sendmail changed to smtpd (from 55 to 56) but config did not carry over (obviously) and no relayhost was set. Mea culpa that I did not spot it earlier.

Split horizon is a good solution until you're operating only with DNS names.

While I was testing I indeed found the rdr page (quoted by Peter) and tested the other two solutions.
- it works with inetd (proxy to nc)
- and also works with relayd

Do you guys see any cons using relayd (and anchor) with pf replacing my rdr-to rules? (I know, first rule is to read after and I must admit homework is not yet done)

Thanks for the help for all of you putting me back on the right track.

Regards,
  Laszlo

On 2014.11.23. 22:44, Jason Adams wrote:
> On 11/23/2014 01:12 PM, Peter N. M. Hansteen wrote:
>> Jason Adams <[email protected]> writes:
>>
>>> Tom Estep (shorewall) has a faq about this issue (routeback)
>>> that applies to the iptables world http://shorewall.net/4.2/FAQ.htm#faq2
>>> also read faq2b at same link.
>> I must confess not reading this thread too carefully, but if what that
>> faq describes is the problem, you need to look at the contortions taken at eg
>> http://www.openbsd.org/faq/pf/rdr.html#reflect
>>
>> Also a variation at http://home.nuug.no/~peter/pf/newest/rdr2servers.html and
>> the slides immediately following.
>>
>> - Peter
> In the end, I went with a split horizon dns server, as your first link (and
> Shorewall) suggested.
>
> Since I was setting up a dns server anyway, and this did in fact solve all of
> our problems (mail and web) in one stroke rather than a dozen rules.
>
> I believe the RDR-TO and NAT-TO Combination mentioned in your first slide was
> the alternative but it required two rules for each service, and you can just
> forget about ftp.
>
> Still I wonder why it USED to work for Soós László in 5.5?
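The three ways of handling the "internal client talks to the external address" problem that come up in this thread (the rdr-to plus nat-to reflection rules from the pf FAQ, a relayd proxy with its pf anchor, and a split-horizon resolver) side by side, as an added example that is not from any of the posts above and not from the OpenBSD project's own documentation. All addresses, interface names, macro names, hostnames and the example.com zone are assumptions chosen for illustration; the syntax is that of pf.conf(5), relayd.conf(5) and unbound.conf(5) as shipped with OpenBSD 5.6.

```conf
# ---- 1. /etc/pf.conf: rdr-to reflection (the "two rules per service" option) ----
# Assumed topology: $ext_if faces the Internet, $int_if faces 192.168.1.0/24,
# and the web server lives on the internal net behind the same firewall.
ext_if  = "em0"
int_if  = "em1"
ext_addr = "203.0.113.5"        # assumed public address
int_net  = "192.168.1.0/24"
server   = "192.168.1.10"        # assumed internal web server

# Connections from outside: plain port forward.
pass in on $ext_if proto tcp to $ext_addr port 80 rdr-to $server

# Connections from inside to the public address: rule 1 redirects them,
# rule 2 rewrites the source so the server's replies come back through
# the firewall instead of going straight to the client (the "reflect" case).
pass in  on $int_if proto tcp from $int_net to $ext_addr port 80 rdr-to $server
pass out on $int_if proto tcp to $server port 80 received-on $int_if nat-to $int_if

# ---- 2. /etc/relayd.conf: let relayd terminate the connection instead ----
# A relay is a userland TCP proxy: it accepts on the public address and opens
# a new connection to the backend, so there is no asymmetric return path and
# the nat-to rule above is not needed.
ext_addr = "203.0.113.5"
table <webhosts> { 192.168.1.10 }

relay www {
	listen on $ext_addr port 80
	forward to <webhosts> port 80 check tcp
}

# A "redirect" block, by contrast, only installs rdr-to rules into pf's
# "relayd/*" anchor on your behalf, so it inherits the reflection problem
# and needs the matching anchor line in pf.conf:
#   anchor "relayd/*"
# With a plain relay, pf only has to allow traffic to the listen address:
#   pass in on $int_if proto tcp to $ext_addr port 80

# ---- 3. /var/unbound/etc/unbound.conf: split-horizon DNS ----
# Internal clients resolve the public hostnames to the internal addresses,
# so they never send traffic to the external address in the first place.
server:
	interface: 192.168.1.1
	access-control: 192.168.1.0/24 allow
	# transparent: answer from local-data when present, otherwise resolve normally
	local-zone: "example.com." transparent
	local-data: "www.example.com.  IN A 192.168.1.10"
	local-data: "mail.example.com. IN A 192.168.1.20"
```

One caveat for the relay option in section 2: because relayd opens a fresh connection to the backend, the web or mail server logs the relay's own source address rather than the client's; that changes what the backend's access logs and any fail2ban-style blocking see. Relayd's transparent mode can preserve the client address but then needs the pf anchor and divert rules again. The unbound option in section 3 only changes what clients that use this resolver see; anything that connects by literal IP address is unaffected, which is the limitation the original poster notes about split horizon working only with DNS names.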
