have you looked at the output from `pfctl -sr`? might give you a clue. --patrick
On Fri, May 1, 2009 at 9:09 AM, dug <[email protected]> wrote:
> Hello,
>
> I have some filter problems with a newly installed firewall running OpenBSD 4.4
> with PF.
>
> This firewall is connected to the Internet and to a private network.
> On this private network there is another FreeBSD router which is connected to
> a second private network. On it, there is a mail server.
>
> To summarize:
>
> | Internet | --------- | (em3) OpenBSD FW (em0) | ----------- | FreeBSD Router |
>                                                                        |
>                                                                        |
>                                                                        |
>                                                                 | Mail Server |
>
> On the OpenBSD FW, I set these rules:
>
> rdr on em3 inet proto tcp from any to <public-ip> port https -> <mail-server> port https
> rdr on em3 inet proto tcp from any to <public-ip> port smtp -> <mail-server> port smtp
>
> block log all
>
> #Allow SMTP, HTTPS
> pass quick proto tcp from any to {<public-ip> <mail-server>} port 25
> pass quick proto tcp from any to {<public-ip> <mail-server>} port 443
> pass quick proto tcp from {<public-ip> <mail-server>} port 25 to any
> pass quick proto tcp from {<public-ip> <mail-server>} port 25 to any
> pass quick proto tcp from any port 25 to {<public-ip> <mail-server>}
> pass quick proto tcp from {<public-ip> <mail-server>} to any port 25
>
> On the pflog0 interface, I have these logs:
>
> # tcpdump -vvveni pflog0
> tcpdump: listening on pflog0, link-type PFLOG
> block in on em0: mail-server.443 > 149.6.161.125.58350: [|tcp] (ttl 63, id 49121, len 40)
> block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 14511, len 40)
> block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 40161, len 52)
> block in on em0: mail-server.25 > 81.28.185.240.1777: [|tcp] (ttl 63, id 4151, len 41)
>
> I have only one block rule (as you can guess, when I delete this rule, all
> works fine).
> I don't understand why these packets don't match my pass rules.
>
> Has somebody already seen this, or have any idea how to solve it?
>
> Thanks.
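As an added illustration of the kind of check patrick suggests (example code, not from either poster): it replays the four blocked packets from the pflog output against the six posted pass rules, statelessly and in order (they are all `quick`, with no interface or direction), and reports which rule each packet should have hit. The `<public-ip>` and `<mail-server>` addresses are constructed placeholders, since the real ones are not in the mail.

```python
import re

# Constructed placeholder addresses for the macros in the posted pf.conf
# (the real values are not in the mail).
MACROS = {"<public-ip>": "192.0.2.10", "<mail-server>": "10.0.1.25"}
HOSTS = {"mail-server": MACROS["<mail-server>"]}  # name tcpdump printed
ANY = None
BOTH = frozenset(MACROS.values())  # the {<public-ip> <mail-server>} list

# The six posted pass rules, in order, as (src, sport, dst, dport);
# ANY (None) means the field was not constrained. All are 'quick', so
# the first match wins; none names an interface or direction.
PASS_RULES = [
    (ANY, ANY, BOTH, 25),
    (ANY, ANY, BOTH, 443),
    (BOTH, 25, ANY, ANY),
    (BOTH, 25, ANY, ANY),
    (ANY, 25, BOTH, ANY),
    (BOTH, ANY, ANY, 25),
]

# 'tcpdump -vvveni pflog0' block lines, copied from the posted log.
PFLOG = """\
block in on em0: mail-server.443 > 149.6.161.125.58350: [|tcp] (ttl 63, id 49121, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 14511, len 40)
block in on em0: mail-server.59902 > 81.255.99.202.25: [|tcp] (ttl 63, id 40161, len 52)
block in on em0: mail-server.25 > 81.28.185.240.1777: [|tcp] (ttl 63, id 4151, len 41)
"""
LOG_RE = re.compile(r"block (in|out) on (\w+): (\S+)\.(\d+) > (\S+)\.(\d+):")

def parse_pflog(text):
    """Yield (direction, iface, src, sport, dst, dport) per block line."""
    for d, ifc, src, sp, dst, dp in LOG_RE.findall(text):
        yield d, ifc, HOSTS.get(src, src), int(sp), HOSTS.get(dst, dst), int(dp)

def first_matching_rule(pkt):
    """1-based index of the first pass rule matching the packet statelessly,
    or None if no pass rule covers it (so 'block log all' is expected)."""
    _, _, src, sport, dst, dport = pkt
    for n, (rs, rsp, rd, rdp) in enumerate(PASS_RULES, 1):
        if (rs is ANY or src in rs) and (rsp is ANY or sport == rsp) \
           and (rd is ANY or dst in rd) and (rdp is ANY or dport == rdp):
            return n
    return None

def audit(text=PFLOG):
    """Map each logged block to the pass rule it should have hit, if any."""
    return [(f"{p[2]}:{p[3]} > {p[4]}:{p[5]}", first_matching_rule(p))
            for p in parse_pflog(text)]
```

Calling `audit()` shows that the `mail-server.443` packet matches no pass rule as written, while the other three match rules 6 and 3; a packet that matches on paper but is still blocked is exactly the case where the loaded ruleset from `pfctl -sr` needs comparing against the file.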

