--- Tom Eastep <[EMAIL PROTECTED]> wrote:
> > What really puzzles me is that this is happening
> only
> > with this particular host (at least according to
> user
> > feedback), ie. 1 case out of "so many".
> >
>
> The SMTP server doesn't have any extra routes
> defined on it that is
> redirecting replies to that client does it?
No, route -n on the SMTP server lists:
Kernel IP routing table
Destination Gateway Genmask Flags
Metric Ref Use Iface
192.168.10.0 0.0.0.0 255.255.255.0 U
0 0 0 eth1
10.215.144.0 0.0.0.0 255.255.252.0 U
0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U
0 0 0 lo
0.0.0.0 10.215.144.91 0.0.0.0 UG
0 0 0 eth0
where 10.215.144.91 is the "shorewall bridge".
> From the "shorewall dump" on the gateway:
>
> tcp 6 0 SYN_RECV src=194.179.55.129
> dst=192.168.100.2 sport=39005
> dport=25 packets=1 bytes=52 src=10.215.144.7
> dst=194.179.55.129 sport=25
> dport=39005 packets=6 bytes=312 mark=2 use=1
>
> This indicates that the gateway has received a
> response from the SMTP server
> and has sent it on to the client.
> And, from the tcpdump on eth3 that you included in
> your original problem
> report (that I hadn't looked at because of the lack
> of the -n flag), it
> looks like the response is leaving your firewall.
That's what I thought. So in theory all seems fine on
"my side".
> So -- my next suggestion would be to capture a
> packet trace on the client
> system (see if the SYN,ACK is being lost somewhere
> between the gateway and
> the client) or if the client is finding something
> wrong with it and
> discarding it.
That's the point I wanted to get to. I thought that
the "problem" had to be on the remote client's side
but I needed some kind of proof so as to convince the
remote system's administrator.
I now have the data to sustain that a trace on the
client side should be performed.
I have no idea what their systems are running
(soft-hardware) and if they may drop our packets for
some reason.
Thank you for helping me out.
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news,
photos & more.
http://mobile.yahoo.com/go?refer=1GNXIC
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
