OK, now we're making some progress. Again, using an IP that is working, and
one that is not working, I enabled logging of inbound packets on port 25.
Sure enough, I see the ones for the IP that is working, but not the ones for
the IP that is not working. So, I'm not getting those packets in to the
firewall. Traceroute shows that the packets seem to be bouncing back and
forth between two routers.
I think I'm close to finding the problem, and it doesn't seem to be the
firewall at all! Big thanks for all your help.
"erik" <erik@geenspam.vanwesten.net> wrote in message
news:3fa52c1d$0$58704$e4fe514c@news.xs4all.nl...
> Dan Bent wrote:
>
> > Thanks for the helpful response.
> >
> > Here's what I get with tcpdump, when I try an address in my IP block
> > that I expect should be blocked:
> > Nov 02 09:56:36.834464 rule 3/0(match): block in on rl0:
> > 68.58.115.214.3917
> >> 64.72.133.30.25: S 2523218479:2523218479(0) win 16384 <mss
> > 1460,nop,nop,sackOK> (DF)
> >
> > This shows that pf is working and logging.
> >
> > When I try an address that I expect will work, tcpdump has no output,
> > suggesting that the packets pass the filter, as I would expect. So,
> > perhaps the problem is elsewhere. What else might I check on?
> >
> >
>
> Ok, so use tcpdump on incoming and outgoing interfaces to see if the
> packets really pass the firewall.
>
> Hmmm, you did configure the default gateway on the new machines, did
> you?
>
> BTW, please don't top-post, it gets very hard to follow what's going
> on...
>
>
> HTH,
>
> EJ
> --
> Remove the obvious part (including the dot) for my email address.
> http://www.vanwesten.net for examples of ipf and pf.
>
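Added example, not code from the thread: a small Python parser for the pflog lines tcpdump prints (the format quoted above) that tallies block/pass entries per destination address on port 25 and flags addresses for which no packets reached the firewall at all, which is the symptom Dan ends up finding. It assumes both the block rule and the pass rule carry pf's `log` keyword; apart from the thread's own block line, the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Matches the tcpdump-on-pflog record format quoted in the thread, e.g.
# "Nov 02 09:56:36.834464 rule 3/0(match): block in on rl0: 68.58.115.214.3917 > 64.72.133.30.25: S ..."
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def parse_pflog_line(line):
    """Return the record's fields as a dict, or None if the line is not a pflog record."""
    m = PFLOG_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines, dport="25"):
    """Count inbound block/pass entries per destination address for one destination port."""
    seen = defaultdict(lambda: {"block": 0, "pass": 0})
    for line in lines:
        rec = parse_pflog_line(line)
        if rec and rec["dport"] == dport and rec["dir"] == "in":
            seen[rec["dst"]][rec["action"]] += 1
    return dict(seen)

def diagnose(summary, expected_pass, expected_block):
    """Compare what pflog shows with what the ruleset is expected to do.
    Assumes the block and pass rules both carry 'log', so an address with no
    entries at all means its packets never reached the firewall (an upstream
    routing problem, as in the thread) rather than a filtering problem."""
    findings = {}
    for ip in expected_pass:
        counts = summary.get(ip, {"block": 0, "pass": 0})
        if counts["block"]:
            findings[ip] = "blocked by a rule"
        elif not counts["pass"]:
            findings[ip] = "no packets reached the firewall"
    for ip in expected_block:
        counts = summary.get(ip, {"block": 0, "pass": 0})
        if counts["pass"]:
            findings[ip] = "passed despite expected block"
        elif not counts["block"]:
            findings[ip] = "no packets reached the firewall"
    return findings

# Constructed sample: the thread's own block line plus two invented pass lines.
SAMPLE_LOG = [
    "Nov 02 09:56:36.834464 rule 3/0(match): block in on rl0: 68.58.115.214.3917 > 64.72.133.30.25: S 2523218479:2523218479(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)",
    "Nov 02 09:57:01.120000 rule 7/0(match): pass in on rl0: 68.58.115.214.3920 > 64.72.133.31.25: S 1:1(0) win 16384 <mss 1460> (DF)",
    "Nov 02 09:57:02.330000 rule 7/0(match): pass in on rl0: 68.58.115.214.3921 > 64.72.133.31.25: S 2:2(0) win 16384 <mss 1460> (DF)",
]

if __name__ == "__main__":
    # 64.72.133.32 is expected to pass but never shows up: packets are not arriving.
    print(diagnose(summarize(SAMPLE_LOG), ["64.72.133.31", "64.72.133.32"], ["64.72.133.30"]))
```

Feed it real output with `tcpdump -n -e -ttt -i pflog0 port 25` and the address list you expect each way; an address reported as "no packets reached the firewall" is the one to chase with traceroute on the upstream routers.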