Tom Eastep wrote:

> 
> 
>> I didn't grasp the meaning of the fact that if
>> SYN_RECV is found on the bridge then that means that
>> conntrack did not see/recognize the SYN/ACK response.
>> ( the network is: WORLD --- GATEWAY --- EXTERNAL LAN
>> --- BRIDGE --- INTERNAL NETWORK WITH SMTP SERVER )
> 
> Again, please see
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TCPCONNECTIONS
> 
>> Well, I have a lot of TCP/IP homework now (forgive my
>> ignorance). Thanks for putting me on the right track.
>>

My bad. I guess I need to refer to the above URL more often myself as I was
confusing SYN_SENT and SYN_RECV state.

From the "shorewall dump" on the gateway:

tcp      6 0 SYN_RECV src=194.179.55.129 dst=192.168.100.2 sport=39005
dport=25 packets=1 bytes=52 src=10.215.144.7 dst=194.179.55.129 sport=25
dport=39005 packets=6 bytes=312 mark=2 use=1

This indicates that the gateway has received a response from the SMTP server
and has sent it on to the client.

And, from the tcpdump on eth3 that you included in your original problem
report (that I hadn't looked at because of the lack of the -n flag), it
looks like the response is leaving your firewall.

So -- my next suggestion would be to capture a packet trace on the client
system to see if the SYN,ACK is being lost somewhere between the gateway and
the client or if the client is finding something wrong with it and
discarding it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
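
Added example, not part of the original message or of Shorewall: a small Python parser for the conntrack entry quoted above that separates the original and reply tuples and reports what the state and packet counters suggest. The function names are this example's own, and SAMPLE is the quoted entry joined onto one line.

```python
import re

# The conntrack entry quoted in the message, joined onto one line.
SAMPLE = ("tcp      6 0 SYN_RECV src=194.179.55.129 dst=192.168.100.2 sport=39005 "
          "dport=25 packets=1 bytes=52 src=10.215.144.7 dst=194.179.55.129 sport=25 "
          "dport=39005 packets=6 bytes=312 mark=2 use=1")

HEAD = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+([A-Z_]+)\s")  # proto, number, timeout, state
PAIR = re.compile(r"(\w+)=(\S+)")
TUPLE_KEYS = {"src", "dst", "sport", "dport", "packets", "bytes"}

def parse_entry(line):
    """Split a TCP conntrack line into state, original tuple and reply tuple."""
    head = HEAD.match(line)
    if head is None:
        raise ValueError("no protocol/timeout/state header found")
    entry = {"proto": head.group(1), "timeout": int(head.group(3)),
             "state": head.group(4), "orig": {}, "reply": {}, "extra": {}}
    for key, value in PAIR.findall(line):
        if key not in TUPLE_KEYS:
            entry["extra"][key] = value      # mark=, use=, ...
        elif key not in entry["orig"]:
            entry["orig"][key] = value       # first occurrence: original direction
        else:
            entry["reply"][key] = value      # second occurrence: reply direction
    if not {"src", "dst"} <= entry["reply"].keys():
        raise ValueError("reply tuple missing")
    return entry

def diagnose(entry):
    """Return plain-language notes on what the entry suggests."""
    o, r, notes = entry["orig"], entry["reply"], []
    if r["src"] != o["dst"]:
        # The reply comes from a different address than the one the client targeted.
        notes.append(f"DNAT: {o['dst']}:{o['dport']} is rewritten to {r['src']}:{r['sport']}")
    if entry["state"] == "SYN_SENT":
        notes.append("only the SYN has been seen; no SYN,ACK from the server yet")
    elif entry["state"] == "SYN_RECV":
        notes.append("SYN,ACK seen in the reply direction; the client's final ACK has not arrived")
        if int(r.get("packets", 0)) > int(o.get("packets", 0)):
            notes.append(f"{r['packets']} reply packets against {o['packets']} original: "
                         "consistent with the server retransmitting its SYN,ACK")
    return notes

if __name__ == "__main__":
    for note in diagnose(parse_entry(SAMPLE)):
        print(note)
```
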

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users