Hello and thanks for your help,
Changing the rdr rule makes no difference, nor does adding proto udp.
With:
pass in quick on $int_if \
proto tcp \
from any to 192.168.1.1 port imaps synproxy state
I have:
self tcp 192.168.1.1:993 <- 192.168.1.236:993 <- 192.168.1.233:1289       PROXY:DST
self tcp 192.168.1.1:993 <- 192.168.1.236:993 <- 192.168.1.233:1290       PROXY:DST
when using pfctl -ss and trying a connection (I am making the test on the
internal interface, so don't be surprised by the network addresses: 1.236 is my
internal firewall address, 1.233 is my Outlook client address).
With:
pass in quick on $int_if \
proto tcp \
from any to 192.168.1.1 port imaps keep state
I have:
self tcp 192.168.1.15:993 <- 192.168.1.236:993 <- 192.168.1.233:1292       CLOSED:SYN_SENT
and the Outlook client says "failed to connect".
So I must use synproxy, and flags make no difference.
Maybe the problem comes from an SSL certificate, because if I try a direct
connection to the Exchange server I have to accept a certificate before going
further.
Regards,
Raphael
-----Original Message-----
From: Peter N. M. Hansteen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 16 November 2005 17:29
To: Raphael GRUNDRICH
Subject: Re: pf and Microsoft Exchange IMAPS
"Raphael GRUNDRICH" <[EMAIL PROTECTED]> writes:
> pass in quick on $ext_if \
> proto tcp \
> from any to 192.168.1.1 port imaps flags S/SA synproxy state
Looking at my /etc/services it looks like imaps is one of those services
which has both udp and tcp variants. I have No Idea if it matters in
your case, though.
Another thing - does changing this
>> rdr on $ext_if proto tcp from any to any port 993 -> 192.168.1.1
to
rdr on $ext_if proto tcp from any to $ext_if port 993 -> 192.168.1.1
make a difference?
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"