Thanks to all for your fast replies.
Rejecting the ident* (auth at port 113) solved the problem.

Thanks, Antje


On Mon, 15 May 2000, Administrator for OK 2 NET wrote:

> > we are testing a firewall setup at the moment and see
> > the strange behaviour that connections from inside to an
> > outside mailserver take about 30 seconds to initiate while the
> > connection to port 25 of an outside proxy machine that forwards
> > the requests to the outside mailserver is fast.
> > That's why we assume it's not a problem of the firewall
> > but that qmail handles the connections differently.
> > But I don't see a reason for this. Any clues?
> >
> > The firewall is a nokia box with checkpoint FW1 (newest version) and the
> > mailserver is a sun ultra1 running qmail-1.03.
> 
> The ident* segments are being dropped by your firewall,
> this causes the OUTSIDE server to wait for response.
> 
> Solution 1: which I think is the best, is to REJECT all ident segments.
> The reason for this is that many servers expect some sort of reply
> to accept connections or they will wait or make connections slow.
> 
> Solution 2: you could allow all or some ident segments,
> beware however that some NAT systems will have problems with ident.
> Since the mailserver will not see the hidden IP and will send it directly
> to the firewall, which the FIREWALL might not know where to send...
> 
> Solution 3: set the TIMEOUT on the OUTSIDE mailserver to a lower number,
> I would do this only if everything else fails.
> 
> Solution X: You could mix your own configuration of RULES to make this work!
> 
> 
> *ident is a small TCP connection on PORT 113 done by servers to "verify" the client,
> your INSIDE mailserver being the client and OUTSIDE being the server in this case.
> 
> 
> Regards André Paulsberg
> 
> 

________________________________________________________________________
   
 EMBL Computing & Network Group
 Antje Koschel                          Phone : +49 / 6221 / 387 287
 Meyerhofstr. 1                         Fax   : +49 / 6221 / 387 517
 D-69012 Heidelberg                     Mail: [EMAIL PROTECTED]
________________________________________________________________________
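
Added example, not part of the original message: a Python check that tells a REJECT from a DROP on the ident port by timing a single TCP connect, which is the difference between Solution 1 and the 30-second stall described above. The function name `probe` and the 5-second timeout are assumptions; run it from an outside host against the address your mail server's connections come from.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # auth/ident service named in the thread

# errno values that mean "the path answered with a refusal"
REFUSALS = (errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH)


def probe(host, port=IDENT_PORT, timeout=5.0):
    """Attempt one TCP connect and classify how the path answers.

    Returns (verdict, seconds) where verdict is:
      "open"     - handshake completed, something is listening
      "rejected" - a RST or ICMP unreachable came back, so the caller fails fast
      "dropped"  - nothing came back before `timeout`, so the caller stalls
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except (socket.timeout, TimeoutError):
        # Silence: this is what a DROP rule looks like to the remote server.
        verdict = "dropped"
    except OSError as exc:
        if exc.errno not in REFUSALS:
            raise
        # Immediate refusal: this is what a REJECT rule looks like.
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ident_probe.py <address-of-mail-client-as-seen-outside>")
    verdict, seconds = probe(sys.argv[1])
    print(f"{sys.argv[1]}:{IDENT_PORT} {verdict} after {seconds:.2f}s")
```

A "dropped" verdict that takes the full timeout means remote mail servers doing ident lookups will wait in the same way before accepting your SMTP connection.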