Hi, I'm having a strange problem with my SMTP services.
My setup consists of a shorewall gateway with an SMTP service on it accessible via Internet through eth0. It's a multi-ISP setup and I have two other net zones from which remote hosts can connect via SMTP but to another mail server behind another internal shorewall server setup as a bridge. During months now, I haven't had issues and we could receive email messages from anyone and on any one of our mail servers. However, I just recently found an exception with one single remote host (single machine load balanced on: 194.179.55.129 and 194.179.55.135). This host can connect without issues to $FW's SMTP service (net1/eth0) but cannot connect to 10.215.144.7's SMTPD (net2/net3). Please have a look at the tcpdumps below. I tried setting CLAMPMSS to Yes but that did not change anything, apparently. I never specified the addresses 194.179.55.129 and 194.179.55.135 in any shorewall config file (eg. tcrules). What could I try to do to locate and fix the source of the problem? Thank you for your help. On gateway shorewall: ACCEPT net1 $FW tcp 25 - - 10/min:20 DNAT net2 loc:10.215.144.7 tcp 25 - - 10/min:20 DNAT net3 loc:10.215.144.7 tcp 25 (net1 is on eth0) # tcpdump -i eth0 host 194.179.55.129 or host 194.179.55.135 10:31:14.174241 IP giss7.seg-social.es.43579 > 192.168.92.2.smtp: S 2854491711:2854491711(0) win 24820 <nop,wscale 0,nop,nop,sackOK,mss 1460> 10:31:14.177544 IP 192.168.92.2.smtp > giss7.seg-social.es.43579: S 124784606:124784606(0) ack 2854491712 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2> 10:31:14.236810 IP giss7.seg-social.es.43579 > 192.168.92.2.smtp: . ack 1 win 24820 10:31:14.254276 IP 192.168.92.2.smtp > giss7.seg-social.es.43579: P 1:31(30) ack 1 win 1460 10:31:14.316864 IP giss7.seg-social.es.43579 > 192.168.92.2.smtp: . ack 31 win 24820 (in this case SMTP works fine) (net3 is on eth3) # tcpdump -i eth3 host 194.179.55.129 or host 194.179.55.135 10:28:17.930425 IP giss7.seg-social.es.43479 > 192.168.101.2.smtp: S 3220972402:3220972402(0) win 24820 <nop,wscale 0,nop,nop,sackOK,mss 1452> 10:28:17.930781 IP 192.168.101.2.smtp > giss7.seg-social.es.43479: S 1046102548:1046102548(0) ack 3220972403 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> 10:28:21.482136 IP 192.168.101.2.smtp > giss7.seg-social.es.43479: S 1046102548:1046102548(0) ack 3220972403 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> 10:28:27.482519 IP 192.168.101.2.smtp > giss7.seg-social.es.43479: S 1046102548:1046102548(0) ack 3220972403 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> 10:28:39.484056 IP 192.168.101.2.smtp > giss7.seg-social.es.43479: S 1046102548:1046102548(0) ack 3220972403 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> (in this case SMTP fails) On internal firewall/bridge: ACCEPT net loc:10.215.144.7 tcp 25 # tcpdump -i br0 host 194.179.55.129 or host 194.179.55.135 11:31:46.182383 IP giss7.seg-social.es.50845 > 10.215.144.7.smtp: S 3631023300:3631023300(0) win 24820 <nop,wscale 0,nop,nop,sackOK,mss 1452> 11:31:46.182550 IP 10.215.144.7.smtp > giss7.seg-social.es.50845: S 1085960616:1085960616(0) ack 3631023301 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> 11:31:49.512665 IP 10.215.144.7.smtp > giss7.seg-social.es.50845: S 1085960616:1085960616(0) ack 3631023301 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> 11:31:55.711813 IP 10.215.144.7.smtp > giss7.seg-social.es.50845: S 1085960616:1085960616(0) ack 3631023301 win 32767 <mss 1460,nop,nop,sackOK,nop,wscale 14> Please find the shorewall dumps for both systems (gateway and bridge): http://213.96.91.201/shorewall/ The SMTP connections are from 194.179.55.129 or 194.179.55.135 to 192.168.92.2 and 192.168.101.2 or 192.168.100.2 (connections to 192.168.92.2 work: SMTPD is on $FW; the others fail). ____________________________________________________________________________________ Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
