[H-GEN] Problems with masq'ing sendmail
Marshall, Joshua
MarshallJ at switch.aust.com
Wed Sep 1 00:35:41 EDT 1999
[ Humbug *General* list - semi-serious discussions about Humbug and
Unix-related topics. ]
Hi all,
I've got my system set up as follows:
                  +--------------+        +--------------+
                  |              |        |              |
    Internet      |              |  MASQ  |              |
  <--------->     |   Firewall   |<------>| Email server |
                  |              |        |              |
                  |              |        |              |
                  +--------------+        +--------------+
I currently masquerade ports 25 and 113 (auth) into the email server (using
ipportfw on the firewall - it's a router-on-a-floppy deal) and to send all
emails out to the world I masquerade the smtp through the Firewall to the
destination mail servers.
All incoming emails are working great, however outgoing emails lose
connection after a period of time, so I'm unable to send anything > 100k.
Watching a tcpdump it all looks great and suddenly the remote host stops
acking.
I have noticed that the auth port gives me errors like:
Sep 1 14:07:02 server1 identd[14737]: Connection from xgate.ebi.it
Sep 1 14:07:02 server1 identd[14737]: from: 194.243.48.2 ( xgate.ebi.it ) for: 61142, 25
Sep 1 14:07:02 server1 identd[14737]: Returned: 61142 , 25 : NO-USER
Which doesn't really surprise me as the ports change as I go through the
firewall. How I'd fix this I'm not sure (maybe run the auth on the
firewall?)
I have also noticed that sending files via ftp fails pretty badly after a while
too. Incoming seems to work fine.
Here are my masq settings:
# Forwarding Rules
ipfwadm -F -f
# Set default Forwarding to deny
ipfwadm -F -p deny
# Add masquerading entries
# Forward email to internal mail server
ipfwadm -F -a accept -m -P tcp -D server1.ussbris 25
# Forward auth connects to internal mail server
# this doesn't seem to work as auth doesn't get it right.
ipfwadm -F -a accept -m -P tcp -D server1.ussbris 113
#Allow internal email server to send emails out
ipfwadm -F -a accept -m -S server1.ussbris
# Set masquerading timeouts
ipfwadm -M -s 1800 1800 1800
/usr/sbin/ipportfw -A -t 203.108.63.250/25 -R 10.10.10.1/25
/usr/sbin/ipportfw -A -t 203.108.63.250/113 -R 10.10.10.1/113
Routing rules etc are all ok - I do get through for quite a while.
I'm a bit concerned about the kernel - It's a 2.0.36pre version that was
supplied with the LRP distribution. I have a feeling there were patches to
get certain things going, otherwise I'd just shove a new kernel in.
Can anyone shed some light on all of this?
Josh Marshall
Systems Support Engineer
Union Switch & Signal Pty Ltd
marshallj at switch.aust.com
Ph +61-7-3868-9371
Fax +61-7-3268-2219
--
This is list (humbug) general handled by majordomo at lists.humbug.org.au .
Postings only from subscribed addresses of lists general or general-post.
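An added illustration, not code from the post or from the Humbug list, of the port rewriting that the identd log above shows: the mail server's outbound SMTP session leaves the firewall on a masqueraded port, so the remote MTA's ident query names that external port, which the internal host has never heard of. The connection table, the masquerade table, the internal port 1034 and the user name are constructed sample data; the 61000-and-up external port range is an assumption about 2.0-era ipmasq. The second function models the alternative the post floats, an identd on the firewall that consults the masquerade table before answering.

```python
import re
from dataclasses import dataclass

# RFC 1413 request line as the remote MTA sends it:
# "<port-on-server> , <port-on-client>", server being the host queried.
IDENT_QUERY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*$")


@dataclass(frozen=True)
class Conn:
    local_port: int
    remote_ip: str
    remote_port: int
    user: str


# Constructed: the mail server's own TCP table. Its outbound SMTP session
# uses an ephemeral local port (1034 here, hypothetical), not the port the
# remote side sees after masquerading.
MAIL_SERVER_CONNS = [
    Conn(1034, "194.243.48.2", 25, "josh"),
]

# Constructed: the firewall's masquerade table,
# (internal ip, internal port) -> external port chosen by the firewall.
# Assumption: Linux 2.0 ipmasq allocated these from 61000 upward.
MASQ_TABLE = {
    ("10.10.10.1", 1034): 61142,
}


def parse_query(line):
    """Parse an ident request; returns (port_on_server, port_on_client) or None."""
    m = IDENT_QUERY.match(line)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def find_user(local_port, remote_ip, remote_port, conns):
    """Return the owner of a matching TCP connection in a host's table, or None."""
    for c in conns:
        if (c.local_port, c.remote_ip, c.remote_port) == (local_port, remote_ip, remote_port):
            return c.user
    return None


def format_reply(query, user):
    """Build the RFC 1413 reply line, echoing the queried port pair."""
    sp, cp = query
    if user is None:
        return f"{sp} , {cp} : ERROR : NO-USER"
    return f"{sp} , {cp} : USERID : UNIX : {user}"


def ident_on_mail_server(line, querier_ip):
    """identd on the internal host, reached via the port 113 forward.

    It is asked about the firewall's external port, which does not exist in
    its own table, so the lookup fails exactly as in the log above.
    """
    q = parse_query(line)
    if q is None:
        return "0 , 0 : ERROR : INVALID-PORT"
    sp, cp = q
    return format_reply(q, find_user(sp, querier_ip, cp, MAIL_SERVER_CONNS))


def ident_on_firewall(line, querier_ip):
    """A masquerade-aware identd: map the external port back to the internal socket first."""
    q = parse_query(line)
    if q is None:
        return "0 , 0 : ERROR : INVALID-PORT"
    sp, cp = q
    for (_int_ip, int_port), ext_port in MASQ_TABLE.items():
        if ext_port == sp:
            # A real firewall identd would now ask the internal host about
            # int_port; this model reads that host's table directly.
            return format_reply(q, find_user(int_port, querier_ip, cp, MAIL_SERVER_CONNS))
    return format_reply(q, None)
```

Run against the query from the log, "61142 , 25" from 194.243.48.2, the mail server answers NO-USER while the firewall-side lookup resolves the masqueraded port back to the internal session and names its user. Whether that helps with the stalled large transfers is a separate question; this only shows the ident mismatch.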