I used to run OpenBSD a long time ago and moved to Linux, but now I am making the transition to FreeBSD with ZFS to replace my Linux boxes. Time has been the real issue, and there are so many cool things that are now in FreeBSD, like ZFS and the new package commands, etc.
I still have my old pf.conf from the OpenBSD box, but the syntax seems to be different, so after many hours I did get the gateway working, but I have this one thing and one other minor thing to solve.
FreeBSD 10.3 SMTP gateway running (OpenBSD) spamd and amavisd.
The FreeBSD box replaced a Linux box, which was working with what I am trying to do with FreeBSD.
Postfix is the MTA.
Email flow:
Working: FreeBSD Gateway (filter spamd / amavisd) ==> port 2525 ==> Home Email
Not working: Home Email ==> port 2525 ==> FreeBSD ==> email out
pf.conf:
ext_if="bge0"
## macros
tcp_services = "{ ssh, smtp, domain, www }"
ssh2 = "{ 23991 }"
email_services = "{ 2525}"
udp_services = "{ domain, ntp }"
myemail = "{other IP, email server}"
set skip on lo0
scrub in all
### Spamd #####
table <spamd-white> persist
table <bruteforce> persist
## tried, doesn't work
#no rdr inet proto tcp from $myemail to \
port $email_services
no rdr inet proto tcp from <spamd-white> to any \
port smtp
rdr pass inet proto tcp from any to any \
port smtp -> 127.0.0.1 port spamd
### Spamd end #####
## Filter rules
block in log all
pass quick on lo0
pass quick proto { tcp, udp } from any to any port ssh \
flags S/SA keep state \
(max-src-conn 5, max-src-conn-rate 5/3, \
overload <bruteforce> flush global)
## rule for rdr for port 2525 -- incorrect syntax
# pass in quick from $myemail port $email_services to any port smtp
pass in proto tcp to any port $tcp_services keep state
pass out proto tcp to any port $tcp_services keep state
## send to my email server on non-standard port
pass out proto tcp to any port $email_services keep state
pass out proto tcp to any port 2200 keep state
pass proto udp to any port $udp_services keep state
pass inet proto icmp from localhost to any keep state
rc.conf (partial):
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for PF
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
################
# Pf Spamd
obspamd_enable="YES"
obspamlogd_enable="YES"
spamd_flags="-v -G2:4:864"
spamd_grey="YES" # use spamd greylisting if YES
spamlogd_flags="-I -i lo0"
I will keep trying to figure this out, and I do see the traffic from my home email server dropped when coming in on port 2525...
Thx
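An added example, not part of the original post: the rule set above defaults to `block in log all` and the only rule mentioning $email_services is a `pass out`, so nothing admits the home server's inbound connections on port 2525, which matches the drops seen on pflog. The fragment below reuses the macros from the pf.conf above (the addresses in $myemail are placeholders), keeps the spamd redirect untouched, and adds the missing `pass in` rule limited to the home server; the commented `no rdr` line is not needed because only port 25 is ever redirected.

```pf
ext_if="bge0"
tcp_services = "{ ssh, smtp, domain, www }"
email_services = "{ 2525 }"
# placeholder addresses: replace with the home server / other IP used above
myemail = "{ 192.0.2.10, 192.0.2.11 }"

set skip on lo0
scrub in all

table <spamd-white> persist
table <bruteforce> persist

### Spamd: only port 25 is redirected, so port 2525 needs no "no rdr"
no rdr inet proto tcp from <spamd-white> to any port smtp
rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd

## Filter rules
block in log all
pass quick on lo0

## Missing piece: inbound from the home server on 2525 (Postfix must
## listen on 2525). Logged so accepted connections show up on pflog0 too.
pass in log proto tcp from $myemail to any port $email_services \
    flags S/SA keep state

## Existing behaviour: gateway -> home server on 2525, and Postfix
## delivering outbound mail on port 25 via $tcp_services
pass in proto tcp to any port $tcp_services keep state
pass out proto tcp to any port $tcp_services keep state
pass out proto tcp to $myemail port $email_services keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch `tcpdump -n -e -ttt -i pflog0 port 2525` to confirm the blocks stop and the logged passes appear.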