versions
        debian sarge
        kernel 2.4.20
        ecn is off = 0

what do you mean "cut" the external nic?

before I send out the entire ruleset and sysctl -a, anyone care to comment on the wisdom of doing this?

Thiago Rondon wrote:
We need more things to say something.

But check that your $NIC_EXTERNAL is correct. (Try to cut that,
and test).

Do you have other rules?

Another thing, what version of kernel do you use? In 2.4.20
tcp_ecn is now set to 1, and some SMTP servers (Linux) have
problems connecting to Exchange servers that don't support ECN in TCP, and the packages are ignored.


Try: echo 0 > /proc/sys/net/ipv4/tcp_ecn

If it doesn't run, please give us your kernel IP routing table,
all your rules, and a sysctl -a.

-Thiago Rondon

On Mon, Apr 28, 2003 at 10:27:42PM -0500, Hanasaki JiJi wrote:

There is a firewall with two NICs and the below rule to allow an
internal host to connect out to smtp servers on the internet.  Some
hosts have a connection timeout on a connect from $INTERNAL_IP_OF_SMTP
yet connect from the firewall just fine.

iptables -t nat -A POSTROUTING -p tcp -o $NIC_EXTERNAL \
      --dport 25 -s $INTERNAL_IP_OF_SMTP -j MASQUERADE

ex:
on firewall:
        telnet csoc-mail-msfc.csoconline.com 25
        
        above connects ok

on $INTERNAL_IP_OF_SMTP
        telnet csoc-mail-msfc.csoconline.com 25

        connection times out







--
=================================================================
= Management is doing things right; leadership is doing the     =
= right things.     - Peter Drucker                             =
=_______________________________________________________________=
= http://www.sun.com/service/sunps/jdc/javacenter.pdf           =
= www.sun.com | www.javasoft.com | http://wwws.sun.com/sunone   =
=================================================================
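
Added example, not part of the original thread: a small classifier for the ECN negotiation discussed above, useful when reading a capture taken on the external NIC. With tcp_ecn=1 a Linux client sends its SYN with both ECE and CWR set (RFC 3168), and a path that drops such SYNs looks like a connection timeout. The function names, ports and traces below are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793, RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def build_tcp(sport, dport, flags):
    """Constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def classify(segment):
    """Label a TCP segment by its role in the handshake and ECN negotiation."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    flags = segment[13]
    if not flags & SYN or flags & RST:
        return "other"
    ecn = flags & (ECE | CWR)
    if flags & ACK:
        # RFC 3168: an ECN-capable peer answers with ECE set and CWR clear.
        return "ecn-synack" if ecn == ECE else "plain-synack"
    # RFC 3168: an ECN-setup SYN carries both ECE and CWR.
    return "ecn-syn" if ecn == (ECE | CWR) else "plain-syn"

def diagnose(trace):
    """trace: list of (direction, segment) with direction 'out' or 'in'."""
    kinds = [(d, classify(s)) for d, s in trace]
    ecn_syns = sum(1 for d, k in kinds if (d, k) == ("out", "ecn-syn"))
    replies = [k for d, k in kinds if d == "in"]
    if ecn_syns and not replies:
        return f"{ecn_syns} ECN-setup SYN(s) unanswered: retest with tcp_ecn=0"
    if replies:
        return "handshake answered (" + replies[0] + ")"
    return "no SYN seen or plain SYN unanswered: look at routing and NAT rules"

# Constructed traces: a client with tcp_ecn=1 behind the NAT box, and the
# firewall itself with tcp_ecn=0 (ports are arbitrary sample values).
INTERNAL = [("out", build_tcp(32768, 25, SYN | ECE | CWR))] * 3
FIREWALL = [("out", build_tcp(32769, 25, SYN)),
            ("in", build_tcp(25, 32769, SYN | ACK))]

if __name__ == "__main__":
    print("internal host:", diagnose(INTERNAL))
    print("firewall:     ", diagnose(FIREWALL))
```

Note that tcp_ecn is read on the host that originates the connection, so the value to check is the one on the internal SMTP host, not only on the firewall doing the MASQUERADE.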



