Thanks for the helpful response.
Here's what I get with tcpdump, when I try an address in my IP block that I
expect should be blocked:
Nov 02 09:56:36.834464 rule 3/0(match): block in on rl0: 68.58.115.214.3917
> 64.72.133.30.25: S 2523218479:2523218479(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
This shows that pf is working and logging.
When I try an address that I expect will work, tcpdump has no output,
suggesting that the packets pass the filter, as I would expect. So, perhaps
the problem is elsewhere. What else might I check on?
"erik" <erik@geenspam.vanwesten.net> wrote in message
news:3fa51356$0$58711$e4fe514c@news.xs4all.nl...
> Dan Bent wrote:
>
> > I've been running an OpenBSD firewall for a couple of years now. I
> > don't always run the latest OS version, I'm running v3.2. I'm hosting
> > servers for several domains behind the firewall, and had no trouble
> > setting up unique IP addresses and managing ports for the first 5
> > servers/domains I configured, so I began to think I knew what I was
> > doing. However, I recently tried to add two more servers/domains, and
> > I can't seem to get through the firewall to them. For example, I can
> > telnet to port 25 from the firewall machine to the private network
> > address of these machines, and I get a response from the mail servers,
> > but if I try from outside the firewall I get no response. I configured
> > pf.conf by cutting, pasting, and editing. Sections for the new
> > domains/servers look like the sections for the functioning
> > domains/servers. Obviously, I need some help, and will need to provide
> > more detailed information. What should I do to get help from this NG??
> >
>
> Posting relevant information in this NG will generally generate help.
>
> Did you reload the ruleset (pfctl -f /etc/pf.conf)? What does tcpdump
> -nettti pflog0 say when you try to access from the outside? Beware, you
> must log.
>
> EJ
> --
> Remove the obvious part (including the dot) for my email address.
> http://www.vanwesten.net for examples of ipf and pf.
>
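The thread hinges on reading pflog output: a "rule 3/0(match): block in on rl0" line proves that rule 3 dropped the packet, while silence on pflog0 only means that no rule carrying the `log` keyword matched, not that the packet passed. The following shell/awk script is an added example, not code from either poster; it summarises `tcpdump -nettti pflog0` lines by rule number, action and destination port so you can see which rule is catching traffic for a new server. It assumes the one-line-per-packet format quoted in Dan's post (the quote was wrapped by the newsreader) and uses constructed sample lines with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `tcpdump -nettti pflog0`
# output by pf rule number, action, interface and destination port.
# Caveat from the thread: only rules written with `log` write to pflog0, so a
# packet matched by a rule without `log` never appears here. Silence on pflog0
# is not evidence that the packet was passed.

# Constructed sample lines in the pflog format quoted in the thread, using
# RFC 5737 documentation addresses instead of the poster's real ones.
SAMPLE_PFLOG='Nov 02 09:56:36.834464 rule 3/0(match): block in on rl0: 192.0.2.10.3917 > 198.51.100.30.25: S 2523218479:2523218479(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Nov 02 09:56:40.120001 rule 7/0(match): pass in on rl0: 192.0.2.10.3918 > 198.51.100.31.25: S 1:1(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Nov 02 09:56:41.000002 rule 3/0(match): block in on rl0: 192.0.2.11.4000 > 198.51.100.30.80: S 2:2(0) win 65535 <mss 1460> (DF)'

# pflog_fields: reads pflog lines on stdin, prints one record per packet:
#   "rule action dir iface src_ip src_port dst_ip dst_port"
# Field positions: $5 = "3/0(match):", $6 = action, $7 = direction,
# $9 = "rl0:", $10 = src.port, $12 = "dst.port:".
pflog_fields() {
    awk '
        /rule [0-9]+\/[0-9]+\(match\):/ {
            rule = $5; sub(/\/.*/, "", rule)          # "3/0(match):" -> "3"
            action = $6; dir = $7
            iface = $9; sub(/:$/, "", iface)          # "rl0:" -> "rl0"
            src = $10
            dst = $12; sub(/:$/, "", dst)
            # tcpdump writes host.port; the last dotted field is the port
            n = split(src, s, "."); sport = s[n]; sip = s[1] "." s[2] "." s[3] "." s[4]
            n = split(dst, d, "."); dport = d[n]; dip = d[1] "." d[2] "." d[3] "." d[4]
            print rule, action, dir, iface, sip, sport, dip, dport
        }'
}

# pflog_blocked_by_port: count blocked packets per destination port,
# sorted numerically, e.g. "25 1" then "80 1".
pflog_blocked_by_port() {
    pflog_fields | awk '$2 == "block" { c[$8]++ } END { for (p in c) print p, c[p] }' | sort -n
}

# pflog_seen dst_ip dst_port: "yes" if any logged packet was addressed to that
# host and port, "no" otherwise. A "no" for a host you expect to be blocked
# means the matching rule lacks `log`, or the packet never reached pf at all.
pflog_seen() {
    pflog_fields | awk -v ip="$1" -v port="$2" \
        '$7 == ip && $8 == port { found = 1 } END { print (found ? "yes" : "no") }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_PFLOG" | pflog_fields
printf '%s\n' "$SAMPLE_PFLOG" | pflog_blocked_by_port
printf '%s\n' "$SAMPLE_PFLOG" | pflog_seen 198.51.100.31 25
```

Pipe a live capture in with `tcpdump -nettti pflog0 | pflog_fields` to watch rules match as you connect from outside. The rule number is the position of the rule in the ruleset as loaded, which is why erik asks whether `pfctl -f /etc/pf.conf` was run: edits to pf.conf change nothing until the ruleset is reloaded, and the numbers printed on pflog0 refer to the loaded copy.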