Hello everyone,
Our domain users authenticate from Squid through Samba services. They need to send and receive email with Outlook from a Terminal Server session. Terminal Server IP adresses are 192.168.99.128/25. But they can't. Help me please and consider I am not a FreeBSD professional. My pf.conf is as below:
OS:Freebsd FreeBSD 9.2 and Squid
Our domain users authenticate from Squid through Samba services. They need to send and receive email with Outlook from a Terminal Server session. Terminal Server IP adresses are 192.168.99.128/25. But they can't. Help me please and consider I am not a FreeBSD professional. My pf.conf is as below:
OS:
Code:
ext_if="em2"
ext_ip="x.x.x.x"
int_if="em0"
sync_if="em1"
vlan1000_if="vlan1000"
safe_ports="{ 53,8080,22,8140 }"
safe_nat_ports="{ 110,25,143,993,443,587,465,995,3000,389,21,20,53,161,3389 }"
table persist file "/etc/clients/clients.conf"
#set block-policy drop
set skip on lo0
set skip on $int_if
set skip on $vlan1000_if
#set debug misc
scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from 192.168.99.128/25 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from 12.0.0.0/21 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from to any -> $ext_ip
nat on $ext_if from 192.168.99.128/25 to any port 25 -> $ext_if
nat on $ext_if from 192.168.99.128/25 to any port 110 -> $ext_if
pass in all
block out quick on ext_if proto tcp to port 445
block out quick on ext_if proto udp to port 445
pass out all
antispoof quick for { lo $int_if }