[NBLUG/talk] [SoCoSA/discuss] Sending to Comcast mailserver woes....

Trevor Benson tbenson at a-1networks.com
Mon Nov 19 23:13:20 PST 2007


Do you have SNAT and DNAT rules for this system in place, giving it its own inbound and outbound translation in both directions?  Off the top of my head it sounds like maybe the SNAT is in place but the DNAT is misconfigured.  Could be lots of other things, but that's the first thing I think of.

Trevor

> -----Original Message-----
> From: discuss-bounces at socosa.org [mailto:discuss-bounces at socosa.org] On
> Behalf Of Mark Street
> Sent: Monday, November 19, 2007 6:02 PM
> To: SoCoSA general discussion list
> Cc: General NBLUG chatter about anything Linux, answers to questions,
> etc.
> Subject: [SoCoSA/discuss] Sending to Comcast mailserver woes....
> 
> Hi,
> 
> I am still having fits with sending mail to comcast and a few other domains for the past month.  Nothing has changed in my firewall in the past year or so..... but I believe I have narrowed it down to my firewall - iptables - one on a Red Hat 9 box and one on a CentOS 5 box.  If I turn off my firewall I can send mail to comcast.net.  If I turn it back on and try to send I get entries in /var/log/messages that show mx2.comcast.net or mx1.comcast.net sending an ACK SYN to a random high port on my machine.  It does this for about 15 seconds, then sends an ACK RST.  The mail never goes out.
> 
> I have edited my firewall script and turned off all ICMP filtering with no positive effect.  Can anyone give me a clue as to why comcast insists on coming back with a 3 way handshake and how I can tweak my firewall to accommodate?
> 
> TIA
> 
> ---------------
> 
> Nov 19 10:19:21 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:35 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58685 PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK RST URGP=0
> --
> Mark Street, D.C., RHCE
> CTO Alliance Medical Center
> http://www.oswizards.com
> http://www.alliancemed.org
> --
> "First they ignore you, then they ridicule you, then they fight you, then you win" - Gandhi
> "If you want truly to understand something, try to change it" - Kurt Lewin
> --
> Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
> GPG key http://www.oswizards.com/pubkey.asc
> 
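The log excerpt in the quoted post shows the remote MX retransmitting its SYN/ACK to a high local port for about 15 seconds and then resetting, which is exactly what a dropped handshake reply looks like from the far end. As an added example that is not part of the thread, here is a small Python parser for the iptables LOG format shown in the post; it groups logged packets by connection 4-tuple and reports flows where the remote side's SYN/ACK was logged repeatedly without the handshake ever completing. The sample log is constructed from the post's format (the masked DST address is kept as-is, and the 192.0.2.10 ICMP line is made up to show that non-TCP entries are skipped); the `reply_to_outbound` port heuristic is my own. The script only pins down the symptom; whether the cause is the NAT translation the reply above suggests checking, or a rule that fails to accept the return leg of locally initiated connections, still has to be verified in the ruleset itself.

```python
import re
from collections import defaultdict

# Constructed sample in the iptables LOG format shown in the post: the remote MX
# (76.96.30.116:25) retransmits its SYN/ACK five times and then gives up with an
# RST. The local address is masked as in the original; the ICMP line is made up.
SAMPLE_LOG = """\
Nov 19 10:19:21 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Nov 19 10:19:35 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58685 PROTO=TCP SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK RST URGP=0
Nov 19 10:20:01 penguin kernel: Inbound IN=eth1 OUT= MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=192.0.2.10 DST=XXX.XXX.XXX.XXX LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
"""

KV_RE = re.compile(r'([A-Z]+)=(\S*)')          # KEY=VALUE tokens, VALUE may be empty (OUT=)
TCP_FLAGS = {'SYN', 'ACK', 'RST', 'FIN', 'PSH', 'URG'}  # bare flag tokens carry no '='


def parse_line(line):
    """Parse one iptables LOG line into its KEY=VALUE fields plus a FLAGS set.
    Returns None for lines that are not kernel TCP log entries."""
    prefix, sep, rest = line.partition('kernel: ')
    if not sep or 'PROTO=TCP' not in rest:
        return None
    pkt = dict(KV_RE.findall(rest))
    pkt['FLAGS'] = {tok for tok in rest.split() if tok in TCP_FLAGS}
    pkt['TS'] = prefix[:15]           # syslog timestamp, e.g. "Nov 19 10:19:21"
    return pkt


def diagnose(log_text, min_synacks=2):
    """Group logged TCP packets per 4-tuple and report flows in which the remote
    side's SYN/ACK was logged at least min_synacks times, i.e. our host never
    answered it with the final ACK, optionally followed by the remote's RST."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is not None:
            flows[(pkt['SRC'], pkt['SPT'], pkt['DST'], pkt['DPT'])].append(pkt)

    findings = []
    for (src, spt, dst, dpt), pkts in flows.items():
        synacks = [p for p in pkts
                   if {'SYN', 'ACK'} <= p['FLAGS'] and 'RST' not in p['FLAGS']]
        rsts = [p for p in pkts if 'RST' in p['FLAGS']]
        if len(synacks) < min_synacks:
            continue
        findings.append({
            'remote': (src, spt),
            'local_port': dpt,
            'synack_count': len(synacks),
            'rst_after': bool(rsts),
            'first_seen': pkts[0]['TS'],
            'last_seen': pkts[-1]['TS'],
            # Heuristic (my own, not from the post): a well-known source port answering
            # a high destination port means the connection was opened from our side,
            # so the logged packet is the reply leg that our firewall failed to let back in.
            'reply_to_outbound': int(spt) < 1024 <= int(dpt),
        })
    return findings


if __name__ == '__main__':
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['remote'][0]}:{f['remote'][1]} -> local port {f['local_port']}: "
              f"{f['synack_count']} SYN/ACKs logged between {f['first_seen']} and {f['last_seen']}"
              f"{', then RST' if f['rst_after'] else ''}"
              f"{' (reply leg of a locally initiated connection)' if f['reply_to_outbound'] else ''}")
```

Run against the sample it reports a single flow from 76.96.30.116:25 to local port 47704 with five logged SYN/ACKs followed by an RST. Feed it a real `/var/log/messages` and any flow that shows up with `reply_to_outbound` set is a connection the local host opened whose reply never made it through; that is the place to compare the NAT and accept rules for the two legs.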