On Wed, Oct 20, 2004 at 10:56:21PM -0700, George Pontis wrote: > pass out on $int_if from any to $lan_net
Try adding 'keep state' to this rule. You didn't provide the accurate ruleset. What you quoted would not allow the TCP SYN to pass in on $ext_if1 after the destination address translation, hence the mail server would never see any TCP SYN, there would be no TCP handshake completed, and the MTA would not see any reset connections. If the problem persists, reduce your ruleset to the minimum required to reproduce the problem, then post that ruleset verbatim. Daniel
