# Cannot login in squirrelmail because of PF



## best (Jul 30, 2009)

when trying to login in squirrelmail i got an error message 

Error connecting to IMAP server: tls://localhost.
1 : Operation not permitted

i've already use PF firewall in my server. 
second chance i turned the PF off and login again. and it works!

here is my pf.conf :

```
ext_if="bce0"
#int_if="fxp1"

#internal_net="10.11.22.0/8"
external_addr="192.155.1.19"

### allow ping / pong ####
icmp_types = "{ echoreq, unreach }"


NoRouteIPs = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# machines inside
webserver="192.155.1.19"

# machines outside
FISH="192.155.3.2"
STIN="192.155.1.113"
THEF="192.155.1.112"

table <AllowedToSSH> { $FISH, $STIN, $THEF }

#set skip on lo0
#set skip on gif0

scrub in all
#nat on $ext_if from $internal_net to any -> ($ext_if)

#rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver

# block all by default
block all
block in quick on $ext_if from $NoRouteIPs to any
block out quick on $ext_if from any to $NoRouteIPs

#antispoof quick for $int_if inet

# pass all traffic to and from the local network
#pass in on $int_if from $internal_net to any
#pass out on $int_if from any to $internal_net

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

#pass in on 192.155.1.19 inet proto tcp from any to $webserver port 80 flags S/SA synproxy state
pass in quick on $ext_if inet proto tcp from <AllowedToSSH> to $external_addr \
           port 22 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from any to $external_addr \
           port 443 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from any to $external_addr \
           port 80 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from any to $external_addr \
           port 143 flags S/SA keep state

pass inet proto icmp all icmp-type $icmp_types keep state
```


----------



## SirDice (Jul 30, 2009)

IMAP over SSL uses port 993. You also have *set skip on lo0* remarked.


----------



## best (Jul 30, 2009)

oh yess..
many thanks brother.. it works!


----------

