Re: Clients receive only first 4k (issue with pf.conf) -- ignore others

From: Giorgos Keramidas (keramida_at_ceid.upatras.gr)
Date: 05/30/05

  • Next message: D. Goss: "help with corrupted MAC error"
    Date: Mon, 30 May 2005 22:11:14 +0300
    To: Scott Stevenson <scott@maxify.com>
    
    

    On 2005-05-30 11:31, Scott Stevenson <scott@maxify.com> wrote:
    > On May 30, 2005, at 9:23 AM, Scott Stevenson wrote:
    > >The problem is that if I use the version without "keep state," the
    > >machine can't send outbound mail, and I see messages like this in
    > >maillog:
    > >
    > > May 30 09:14:33 vertigo qmail: 1117469673.126013 delivery 639634: deferral
    > > Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
    > >
    > >In fact, I tried to send this message to the list twice yesterday,
    > >but realized that mail packets were being filtered out. I looked at
    > >pflog0 while mail was being sent, but I wasn't able to find the
    > >bounced packets. Here's the relevant smtp line:
    > >
    > > pass in quick on $ext_if proto { tcp, udp } from any to any port 25
    > >
    > >
    > >I'm much more familiar with the firewalls bundled with various linux
    > >distributions, so I'm really stumped. I've read through various
    > >sections of the PF faq, but I haven't found an answer to this.
    >
    > Sorry to post *yet again* on this, but I think I finally figured out
    > what was wrong. I want to post a follow-up for the archives. The
    > solution to the "partial page" Apache problem was to balance the "keep
    > state" directives.
    >
    >
    > Originally, the httpd line looked like this:
    >
    > pass in quick on $ext_if proto { tcp, udp } from any to any port 80
    >
    > And the "out" line looked like this:
    >
    > pass out on $ext_if proto { tcp, udp } all keep state
    >
    > The solution was to change the httpd line to this:
    >
    > pass in quick on $ext_if proto { tcp, udp } from any to any port 80 keep state
    >
    > Does it make sense that I'd need "keep state" for both in and out, or
    > is this a PF bug?

    Yes, it makes sense. This is the correct way to do it.

    > Should I add it to these as well?
    >
    > pass in quick on $ext_if proto { tcp, udp } from any to any port 25
    > pass in quick on $ext_if proto { tcp, udp } from any to any port 53

    Yes, if you want those services visible from the outside.
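
Added example (not part of the original message and not PF's own tooling): a small Python check for the mismatch discussed in this thread, inbound `pass` rules with no state option while outbound traffic is passed with `keep state`. It assumes one rule per line and a PF version, like the one in the thread, where a rule is stateless unless it says otherwise; the interface name and sample ruleset are constructed.

```python
import re

# Constructed sample: the pre-fix rules quoted in the thread, plus one
# already-stateful inbound rule for contrast. "fxp0" is a made-up interface.
SAMPLE_PF_CONF = """\
ext_if = "fxp0"   # constructed interface name
pass in quick on $ext_if proto { tcp, udp } from any to any port 80
pass in quick on $ext_if proto { tcp, udp } from any to any port 25
pass in quick on $ext_if proto { tcp, udp } from any to any port 53 keep state
pass out on $ext_if proto { tcp, udp } all keep state
"""

RULE_RE = re.compile(r"^pass\s+(in|out)\b")
STATE_RE = re.compile(r"\b(keep|modulate|synproxy)\s+state\b")
PORT_RE = re.compile(r"\bport\s+(\{[^}]*\}|\S+)")


def parse_rules(text):
    """Yield (line_no, direction, port, stateful) for each directional pass rule.

    Assumption: one rule per line, no backslash continuations.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        match = RULE_RE.match(line)
        if not match:
            continue
        port = PORT_RE.search(line)
        yield (line_no, match.group(1),
               port.group(1) if port else None,
               bool(STATE_RE.search(line)))


def unbalanced_rules(text):
    """Return [(line_no, port)] for stateless 'pass in' rules that coexist
    with a stateful 'pass out' rule, the mix described in the thread."""
    rules = list(parse_rules(text))
    stateful_out = any(d == "out" and s for _, d, _, s in rules)
    if not stateful_out:
        return []
    return [(no, port) for no, d, port, s in rules if d == "in" and not s]


if __name__ == "__main__":
    for line_no, port in unbalanced_rules(SAMPLE_PF_CONF):
        print(f"line {line_no}: 'pass in' for port {port} has no state option")
```
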
