
RE: pf and Microsoft Exchange IMAPS



Hello and thanks for your help,
Changing the rdr rule makes no difference, and neither does adding proto udp.
with :
 pass in quick on $int_if \
        proto tcp \
        from any to 192.168.1.1 port imaps synproxy state 
I have :
 self tcp 192.168.1.1:993 <- 192.168.1.236:993 <- 192.168.1.233:1289       PROXY:DST
 self tcp 192.168.1.1:993 <- 192.168.1.236:993 <- 192.168.1.233:1290       PROXY:DST
when using pfctl -ss and trying a connection (I made the test on the internal interface, so don't be surprised by the network addresses: 1.236 is my internal firewall address, 1.233 is my Outlook client address).
With :
 pass in quick on $int_if \
        proto tcp \
        from any to 192.168.1.1 port imaps keep state
I have :
 self tcp 192.168.1.15:993 <- 192.168.1.236:993 <- 192.168.1.233:1292       CLOSED:SYN_SENT
and the Outlook client says "failed to connect".
So I must use synproxy, and flags make no difference.
Maybe the problem comes from an SSL certificate, because if I try a direct connection to the Exchange server I have to accept a certificate before going further.
Regards,
Raphael
-----Original Message-----
From: Peter N. M. Hansteen [mailto:[email protected]]
Sent: Wednesday, 16 November 2005 17:29
To: Raphael GRUNDRICH
Subject: Re: pf and Microsoft Exchange IMAPS
"Raphael GRUNDRICH" <[email protected]> writes:
> pass in quick on $ext_if \
>          proto tcp \
>          from any to 192.168.1.1 port imaps flags S/SA synproxy state
Looking at my /etc/services it looks like imaps is one of those services
which has both udp and tcp variants. I have No Idea if it matters in
your case, though.
Another thing: does changing this
>>  rdr on $ext_if proto tcp from any to any port 993 -> 192.168.1.1
to
rdr on $ext_if proto tcp from any to $ext_if port 993 -> 192.168.1.1
make a difference?
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
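Added editorial note and example (not part of either poster's message): the state entries quoted above are the signature of pf's "redirection and reflection" case. The Outlook client (192.168.1.233) and the Exchange server (192.168.1.1) sit on the same subnet, so after the rdr the server answers the client directly on the LAN; its SYN-ACK never crosses the firewall, the state stays at CLOSED:SYN_SENT with keep state and at PROXY:DST with synproxy state, and the client reports a failed connection. A TLS certificate prompt cannot be the cause of a state stuck at SYN_SENT, since TLS only starts after the TCP handshake. The documented fix is to add a nat rule on the internal interface so the server sees the firewall as the source and replies through it. The fragment below is in the style of the rules quoted in the thread; the interface names, the $int_net and $exch_srv macros are assumptions, the addresses are the thread's.

```pf
# Added example, not the posters' own pf.conf. Interface names and the
# $int_net / $exch_srv macros are assumed; addresses come from the thread.
ext_if   = "fxp0"
int_if   = "fxp1"
int_net  = "192.168.1.0/24"
exch_srv = "192.168.1.1"

# Outside clients: redirect IMAPS arriving on the external address to
# Exchange. "proto tcp" makes pf resolve "imaps" from the tcp entry in
# /etc/services, so the udp entry Peter mentions never comes into play.
rdr on $ext_if proto tcp from any to $ext_if port imaps -> $exch_srv

# Inside clients on the same subnet as Exchange: redirect AND source-NAT
# to $int_if. Without the nat rule the server's SYN-ACK goes straight to
# the client on the LAN, never crosses the firewall, and the state sits
# in SYN_SENT (keep state) or PROXY:DST (synproxy state) as shown above.
no nat on $int_if proto tcp from $int_if to $int_net
rdr on $int_if proto tcp from $int_net to $int_if port imaps -> $exch_srv
nat on $int_if proto tcp from $int_net to $exch_srv port imaps -> $int_if

# Filter rules see the translated destination, so they must match the
# server address, not the firewall address the client dialled. Once the
# reply path goes through the firewall, keep state is sufficient;
# synproxy state is not needed to make the handshake complete.
pass in quick on $ext_if proto tcp from any to $exch_srv port imaps \
    flags S/SA keep state
pass in quick on $int_if proto tcp from $int_net to $exch_srv port imaps \
    flags S/SA keep state
pass out quick on $int_if proto tcp from any to $exch_srv port imaps \
    flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then retry the connection from 192.168.1.233 and watch `pfctl -ss`: with the nat rule in place the internal state should move past SYN_SENT to ESTABLISHED:ESTABLISHED, and a second, nat'ed state for 192.168.1.236 -> 192.168.1.1:993 appears on the outbound side. If the state still stalls, the problem is on the Exchange host (listener, host firewall), not in the pf rules.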