Subject: HELP w/ipf, DHCP & postfix
To: None <netbsd-help@NetBSD.org>
From: Pimin <pimin@rockhead.com>
List: netbsd-help
Date: 11/10/2006 22:55:37

Running NetBSD 3.0.1 & postfix 2.3.3.

Apologies if I'm in the wrong list, being incredibly dense and/or not including relevant
information.

I've appended the ipf settings for tlp1 (cable).  "Cable" is a DHCP connection.
When "cable" is up it is my default route.  Postfix has been told (via inet_interfaces)
that it should use the "DSL" (rockhead.com) line.  Things seem to work well except that 
I get the following on the "cable" interface:

     11:58:29.493860 IP rockhead.com.smtp > dsl-189-156-21-235.prod-infinitum.com.mx.2041: \
        S 1045339041:1045339041(0) ack 331392030 win 32768 <mss 1460,sackOK,nop,nop>

The "DSL" addr seems to be actually going out the "cable" interface; I get responses
on the "DSL" interface.

I don't understand why the "DSL" ip addr is being used on the "cable" interface.
I must have to do something else to get the "cable" ipaddr to be used on the "cable"
interface?  The ".smtp" traffic is the only traffic I see with the "DSL" ipaddr.
(Using "tcpdump -i tlp1 host rockhead.com")

I use fetchmail to retrieve my "cable" mail so a complete remap of port 25 to "DSL"
doesn't seem doable.

I thought the first 7 lines from the ipf.conf file would fix this problem?

Where did I go wrong?

TIA,
Paul

pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.40  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.41  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.42  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.43  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.44  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.45  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.46  to any
pass out log quick on tlp1 to ppp0 proto tcp/udp from any to 172.17/24
block in log quick on tlp1 from any to 172.16.89.42  port = 25
block in log quick on tlp1 from any to 172.16.89.42  port = 25
pass out log quick on tlp1 to tlp0                from 209.128.91.40  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.41  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.42  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.43  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.44  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.45  to any
pass out log quick on tlp1 to tlp0                from 209.128.91.46  to any
block in  log quick on tlp1 proto icmp from any to w95.rockhead.com
block in  log quick on tlp1            from any to w95.rockhead.com port = 376
block in  log quick on tlp1            from any to w95.rockhead.com port = 25
block in  log quick on tlp1            from any to w95.rockhead.com port = 80
block in  log quick on tlp1            from any to w95.rockhead.com port = 134
block out log quick on tlp1            from any to w95.rockhead.com port = 135
block in  log quick on tlp1            from any to w95.rockhead.com port = 135
block in  log quick on tlp1            from any to w95.rockhead.com port = 136
block in  log quick on tlp1            from any to w95.rockhead.com port = 160
block in  log quick on tlp1            from any to w95.rockhead.com port = 445
block out log quick on tlp1            from any to w95.rockhead.com port = 445
block out log quick on tlp1            from any to w95.rockhead.com port = 1024
block out log quick on tlp1            from any to w95.rockhead.com port = 1080
block out log quick on tlp1            from any to w95.rockhead.com port = 2000
block out log quick on tlp1            from any to w95.rockhead.com port = 2001
block in  log quick on tlp1            from any to w95.rockhead.com port = 5554
block out log quick on tlp1            from any to w95.rockhead.com port = 5554
block in  log quick on tlp1            from any to w95.rockhead.com port = 5742
block out log quick on tlp1            from any to w95.rockhead.com port = 5742
block in  log quick on tlp1            from any to w95.rockhead.com port = 9996
block out log quick on tlp1            from any to w95.rockhead.com port = 9996
block out log quick on tlp1            from any to w95.rockhead.com port = 12345
block out log quick on tlp1            from any to w95.rockhead.com port = 12346
block out log quick on tlp1            from any to w95.rockhead.com port = 20034
block out log quick on tlp1            from any to w95.rockhead.com port = 31337
block out log quick on tlp1            from any to w95.rockhead.com port = 40421
block out log quick on tlp1            from any to w95.rockhead.com port = 40425
block out log quick on tlp1            from any to w95.rockhead.com port = 54320
block in  log quick on tlp1 proto icmp from any to pauls-pc
block in  log quick on tlp1            from any to pauls-pc port = 376
block in  log quick on tlp1            from any to pauls-pc port = 25
block in  log quick on tlp1            from any to pauls-pc port = 80
block in  log quick on tlp1            from any to pauls-pc port = 134
block out log quick on tlp1            from any to pauls-pc port = 135
block in  log quick on tlp1            from any to pauls-pc port = 135
block in  log quick on tlp1            from any to pauls-pc port = 136
block in  log quick on tlp1            from any to pauls-pc port = 160
block in  log quick on tlp1            from any to pauls-pc port = 445
block out log quick on tlp1            from any to pauls-pc port = 445
block out log quick on tlp1            from any to pauls-pc port = 1024
block out log quick on tlp1            from any to pauls-pc port = 1080
block out log quick on tlp1            from any to pauls-pc port = 2000
block out log quick on tlp1            from any to pauls-pc port = 2001
block in  log quick on tlp1            from any to pauls-pc port = 5554
block out log quick on tlp1            from any to pauls-pc port = 5554
block in  log quick on tlp1            from any to pauls-pc port = 5742
block out log quick on tlp1            from any to pauls-pc port = 5742
block in  log quick on tlp1            from any to pauls-pc port = 9996
block out log quick on tlp1            from any to pauls-pc port = 9996
block out log quick on tlp1            from any to pauls-pc port = 12345
block out log quick on tlp1            from any to pauls-pc port = 12346
block out log quick on tlp1            from any to pauls-pc port = 20034
block out log quick on tlp1            from any to pauls-pc port = 31337
block out log quick on tlp1            from any to pauls-pc port = 40421
block out log quick on tlp1            from any to pauls-pc port = 40425
block out log quick on tlp1            from any to pauls-pc port = 54320
block in  log quick on tlp1 proto icmp from any to glorias-pc.rockhead.com
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 376
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 25
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 80
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 134
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 135
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 135
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 136
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 160
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 445
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 445
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 1024
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 1080
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 2000
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 2001
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 5554
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 5554
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 5742
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 5742
block in  log quick on tlp1            from any to glorias-pc.rockhead.com port = 9996
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 9996
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 12345
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 12346
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 20034
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 31337
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 40421
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 40425
block out log quick on tlp1            from any to glorias-pc.rockhead.com port = 54320
block in  log quick on tlp1 proto icmp from any to glorias-pc
block in  log quick on tlp1            from any to glorias-pc port = 376
block in  log quick on tlp1            from any to glorias-pc port = 80
block in  log quick on tlp1            from any to glorias-pc port = 134
block out log quick on tlp1            from any to glorias-pc port = 135
block in  log quick on tlp1            from any to glorias-pc port = 135
block in  log quick on tlp1            from any to glorias-pc port = 136
block in  log quick on tlp1            from any to glorias-pc port = 160
block in  log quick on tlp1            from any to glorias-pc port = 445
block out log quick on tlp1            from any to glorias-pc port = 445
block in  log quick on tlp1            from any to glorias-pc port = 5554
block out log quick on tlp1            from any to glorias-pc port = 5554
block in  log quick on tlp1            from any to glorias-pc port = 5742
block out log quick on tlp1            from any to glorias-pc port = 5742
block in  log quick on tlp1            from any to glorias-pc port = 9996
block out log quick on tlp1            from any to glorias-pc port = 9996
block out log quick on tlp1            from any to glorias-pc port = 12345
block out log quick on tlp1            from any to glorias-pc port = 12346
block out log quick on tlp1            from any to glorias-pc port = 20034
block out log quick on tlp1            from any to glorias-pc port = 31337
block out log quick on tlp1            from any to glorias-pc port = 40421
block out log quick on tlp1            from any to glorias-pc port = 40425
block out log quick on tlp1            from any to glorias-pc port = 54320
block out log quick on tlp1            from any to shell4.bayarea.net   port = 25
block out log quick on tlp1            from any to shell4.bayarea.net   port = 109
block out log quick on tlp1            from any to shell4.bayarea.net   port = 110
block out log quick on tlp1            from any to smtpout1.bayarea.net port = 25
block out log quick on tlp1            from any to smtpout1.bayarea.net port = 109
block out log quick on tlp1            from any to smtpout1.bayarea.net port = 110
block out log quick on tlp1            from any to 205.219.84.13
block out log quick on tlp1            from any to mail.bayarea.net     port = 25
block out log quick on tlp1            from any to mail.bayarea.net     port = 109
block out log quick on tlp1            from any to mail.bayarea.net     port = 110
pass  in  log   on tlp1 proto tcp/udp from any to any port  =  22       # ssh/scp
pass  in  log   on tlp1 proto tcp/udp from any to any port  =  2222     # ssh/scp
pass  in  log   on tlp1 proto tcp/udp from any to any port  =  22022     # ssh/scp
pass  in  log   on tlp1 proto tcp/udp from any to any port  =  22222     # ssh/scp
block in  log on tlp1  proto tcp/udp from any to any port =  13     #   daytime
block in  log on tlp1  proto tcp/udp from any to any port =  19     #   chargen
block out log on tlp1  proto tcp/udp from any to any port =  19     #   chargen
block in  log on tlp1  proto tcp/udp from any to any port =  21     #   ftp
block in  log on tlp1  proto tcp/udp from any to any port =  23     #   telnet
block in  log on tlp1                from any to any port =  23     #   telnet
block in  log on tlp1  proto tcp/udp from any to any port =  79     #   finger
block in  log on tlp1  proto tcp/udp from any to any port =  80     #   www  ... because at home blocks them anyway
block in  log on tlp1  proto tcp/udp from any to any port = 109     #   pop2 ... because at home blocks them anyway
block in  log on tlp1  proto tcp/udp from any to any port = 110     #   pop3 ... because at home blocks them anyway
block in  log on tlp1  proto tcp/udp from any to any port = 111     #   sunrpc
block in  log on tlp1  proto tcp/udp from any to any port = 119     #   news
block out log on tlp1  proto tcp/udp from any to any port = 135     #   loc-srv
block out log on tlp1  proto tcp/udp from any to any port = 137     #   NETBIOS Name Service
block in  log on tlp1  proto tcp/udp from any to any port = 137     #   NETBIOS Name Service
block out log on tlp1  proto tcp/udp from any to any port = 138     #   NETBIOS Datagram Service
block in  log on tlp1  proto tcp/udp from any to any port = 138     #   NETBIOS Datagram Service
block out log on tlp1  proto tcp/udp from any to any port = 139     #   NETBIOS Session Service
block in  log on tlp1  proto tcp/udp from any to any port = 139     #   NETBIOS Session Service
block in  log on tlp1  proto tcp/udp from any to any port = 143     #   imap3
block in  log on tlp1  proto tcp/udp from any to any port = 161     #   snmp
block in  log on tlp1  proto tcp/udp from any to any port = 177     #   xdmcp
block in  log on tlp1  proto tcp/udp from any to any port = 213     #   IPX
block in  log on tlp1  proto tcp/udp from any to any port = 396     #   netware-ip
block in  log on tlp1  proto tcp/udp from any to any port = 445     #   microsoft-ds
block in  log on tlp1  proto tcp/udp from any to any port = 512     #   exec/biff
block in  log on tlp1  proto tcp/udp from any to any port = 513     #   who/rlogin
block in  log on tlp1  proto tcp/udp from any to any port = 514     #   shell/syslog
block in  log on tlp1  proto tcp/udp from any to any port = 515     #   print spool
block out log on tlp1  proto tcp/udp from any to any port = 520     #   route
block in  log on tlp1  proto tcp/udp from any to any port = 525     #   timed
block in  log on tlp1  proto tcp/udp from any to any port = 540     #   uucp
block in  log on tlp1  proto tcp/udp from any to any port = 541     #   rdist
block in  log on tlp1  proto tcp/udp from any to any port = 556     #   remotefs
block in  log on tlp1  proto tcp/udp from any to any port = 587     #   submission
block in  log on tlp1  proto tcp/udp from any to any port = 2049    #   nfs
block in  log on tlp1  proto tcp/udp from any to any port = 3128    #   squid-http
block in  log on tlp1  proto tcp/udp from any to any port = 6000    #   X11 Window system
block in  log on tlp1  proto tcp/udp from any to any port = 8888    #   sun-answerbook
block in  log on tlp1  proto tcp/udp from any to any port = 9119    #   HTTPD news
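
An added example (not part of the original post, and not ipf's own code): a minimal Python model of how ipf selects a rule, run over a subset of the rules above, to check whether a packet's source address is covered by one of the `to tlp0` rules. It models matching only (a `quick` match ends the search, otherwise the last match wins), not rerouting or state. The packet addresses used with it and the default-pass fallback are assumptions.

```python
import ipaddress
import re

# Subset of the posted tlp1 rules, copied verbatim from the message above.
RULES = """\
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.40  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.41  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.42  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.43  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.44  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.45  to any
pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.46  to any
pass  in  log   on tlp1 proto tcp/udp from any to any port  =  22       # ssh/scp
block out log on tlp1  proto tcp/udp from any to any port = 520     #   route
"""

RULE_RE = re.compile(
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?:log\s+)?(?P<quick>quick\s+)?"
    r"on\s+(?P<ifn>\S+)\s+(?:to\s+(?P<to>\S+)\s+)?(?:proto\s+(?P<proto>\S+)\s+)?"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+port\s*=\s*(?P<port>\d+))?")

def addr_ok(spec, addr):
    """True if addr matches an ipf address spec ('any', a host or a CIDR net)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(direction, ifn, proto, src, dst, dport, rules=RULES):
    """Return (action, reroute_interface, deciding_rule) for one packet."""
    # Assumption: nothing matching means pass (ipf built without default block).
    result = ("pass", None, "default")
    for line in rules.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        r = m.groupdict()
        if (r["dir"], r["ifn"]) != (direction, ifn):
            continue
        if r["proto"] and proto not in r["proto"].split("/"):
            continue
        if not (addr_ok(r["src"], src) and addr_ok(r["dst"], dst)):
            continue
        if r["port"] and int(r["port"]) != dport:
            continue
        result = (r["action"], r["to"], line.split("#")[0].strip())
        if r["quick"]:          # quick: first match is final
            break
    return result

if __name__ == "__main__":
    # Constructed packet: SMTP reply leaving tlp1 from an address not on the list.
    print(decide("out", "tlp1", "tcp", "203.0.113.9", "198.51.100.7", 2041))
```

A source address outside 209.128.91.40-46 falls through all seven `to tlp0` rules, so the first thing to compare is the source address seen in the tcpdump output against that list.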