netbsd-help: Re: HELP w/ipf, DHCP & postfix

Subject: Re: HELP w/ipf, DHCP & postfix
To: Pimin <pimin@rockhead.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 11/11/2006 23:51:59
On Fri, Nov 10, 2006 at 10:57:42PM -0800, Pimin wrote:
> Running NetBSD 3.0.1 & postfix 2.3.3.
> 
> Apologies if I'm in the wrong list, being incredible dense and/or not including relevant
> information.
> 
> I've appended the ipf settings for tlp1 (cable).  "Cable" is a DHCP connection.
> When "cable" is up it is my default route.  Postfix has been told (via inet_interfaces)
> that it should use the "DSL" (rockhead.com) line.  Things seem to work well except that 
> I get the following on the "cable" interface:
> 
>      11:58:29.493860 IP rockhead.com.smtp > dsl-189-156-21-235.prod-infinitum.com.mx.2041: \
>         S 1045339041:1045339041(0) ack 331392030 win 32768 <mss 1460,sackOK,nop,nop>
> 
> The "DSL" addr seems to be actually going out the "cable" interface, I get responses
> on the "DSL" interface.
> 
> I don't understand why the "DSL" ip addr is being used on the "cable" interface.
> I must have to do something else to get the "cable" ipaddr to be used on the "cable"
> interface?  The ".smtp" traffic is the only traffic I see with the "DSL" ipaddr.
> (Using "tcpdump -i tlp1 host rockhead.com")
> 
> I use fetchmail to retrieve my "cable" mail so a complete remap of port 25 to "DSL"
> doesn't seem doable.
> 
> I thought the first 7 lines from the ipf.conf file would fix this problem?
> 
> Where did I go wrong?
> 
> TIA,
> Paul
> 
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.40  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.41  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.42  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.43  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.44  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.45  to any
> pass out log quick on tlp1 to tlp0 proto tcp/udp from 209.128.91.46  to any

You may need to specify the default route to which the packet has to be
sent on tlp0:
pass out log quick on tlp1 to tlp0:<routerIP> proto tcp/udp from 209.128.91.46  to any

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--