Great Circle Associates Firewalls
(March 1997)
 


Subject: Re: ipfwadm and smtp connections
From: "Mark Horn [ Net Ops ]" <mhorn @ funb . com>
Date: Mon, 10 Mar 1997 09:37:07 -0500
To: Todd Graham Lewis <lists @ reflections . eng . mindspring . net>
Cc: m* <mark @ novare . net>, firewalls @ GreatCircle . COM
In-reply-to: <Pine . LNX . 3 . 95q . 970310035834 . 12288A-100000 @ reflections . eng . mindspring . net>; from Todd Graham Lewis on Mon, Mar 10, 1997 at 03:59:38AM -0500
References: <3323C21C . 65395D96 @ novare . net> <Pine . LNX . 3 . 95q . 970310035834 . 12288A-100000 @ reflections . eng . mindspring . net>

Todd Graham Lewis says:
>On Mon, 10 Mar 1997, m* wrote:
>
>> hey all,
>> 
>> i have implemented a firewall using a 486/DX2 running linux ver. 2.0.6.
>> with great success with one exception:
>> 
>> smtp connections through the firewall to our mail server are 
>> ridiculously slow, like 25 seconds before the connection and xfer
>> completes. needless to say, this is unacceptable.
>> 
>> all of the other protocols handled by the f-wall are not affected.
>
>I guess that the mail server is trying to resolve the name of the
>delivering agent, but name service is being impaired by your firewall
>setup.  Do you have DNS working properly on your SMTP host?

Another possibility is that the mail server is running a version of
sendmail that tries to do an ident call prior to accepting the connection.
Check the firewall logs.  If it's dropping connections from the mail server
to the firewall on port 113, then it's the ident problem.  

Sendmail on the mailserver will receive a connection and try and figure
out who originated that connection.  In some cases it does this by using
ident.  It will open a TCP port back to the originator of the email
connection.  If that originator is a firewall, that packet will normally
get dropped.  The sendmail that initiated it will have to wait for the
connection to time out before proceeding on with the connection.

FYI,
-- 
Mark Horn <mhorn @ funb . com>

PGP Public Key available from: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E  25 8A 76 E6 04 A1 7F C1

Attachment: pgpIel1xGGkIE.pgp
Description: PGP signature
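
Added example, not part of the original message: a small Python check, run from the mail server against the firewall's address, that shows whether the ident callback on port 113 is answered, refused at once, or silently dropped (the case that produces the delay described above). The function name, the 5-second timeout and the command-line usage are assumptions of this example.

```python
import socket
import sys
import time

IDENT_PORT = 113  # TCP port of the ident service that sendmail calls back to


def probe_ident(host, port=IDENT_PORT, timeout=5.0):
    """Attempt one TCP connect and classify how the far end answered.

    Returns (verdict, seconds):
      "open"     - something accepted the connection (an identd is listening)
      "refused"  - a TCP RST came back; the caller can carry on immediately
      "filtered" - no answer within `timeout`; the packet was silently
                   dropped, so the caller stalls until its own timer expires
      "error"    - any other failure (no route, name lookup failure, ...)
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except (socket.timeout, TimeoutError):
        verdict = "filtered"
    except OSError:
        verdict = "error"
    return verdict, time.monotonic() - start


def explain(verdict):
    """Map a verdict to what it means for the slow-SMTP symptom."""
    return {
        "open": "ident answered; the delay has another cause (check DNS)",
        "refused": "ident refused quickly; it is not the source of the delay",
        "filtered": "ident dropped silently; sendmail waits for the timeout",
        "error": "probe failed; check routing and name resolution first",
    }[verdict]


if __name__ == "__main__":
    # Usage (assumed): python3 probe_ident.py <firewall-address>
    target = sys.argv[1]
    result, elapsed = probe_ident(target)
    print(f"{target}:{IDENT_PORT} {result} after {elapsed:.1f}s - {explain(result)}")
```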

