Hello,

I am experiencing a problem connecting to a specific mail server through an OpenBSD 4.0 firewall. From any Unix host (tested both FreeBSD and Debian) I will get a timed out connection if I telnet to the remote server and attempt to send mail. From a Windows 2000 host, there is no timeout.

I can prove the firewall is getting packets on the internal interface and not putting them out on the external interface. I am at a complete loss as to why, or where to continue looking. Does anyone have any clues as to what is going on here?

Here is an example of the timeout happening after I type in the "mail from:" command. It times out at this point every time.

> telnet 67.15.157.11 25
Trying 67.15.157.11...
Connected to ns1.siteground14.com.
Escape character is '^]'.
220-serv01.siteground14.com ESMTP Exim 4.52 #1 Wed, 10 Jan 2007 16:28:58 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo xxx.com
250 serv01.siteground14.com Hello xxx.com [66.xx.xx.xx]
mail from:[EMAIL PROTECTED]
Connection closed by foreign host.

Here is a tcpdump from the external interface while the telnet is going on:

# tcpdump -i fxp0 -n |grep 67.15.157.11
tcpdump: listening on fxp0, link-type EN10MB
15:16:48.757841 66.xx.xx.xx.60228 > 67.15.157.11.25: S 3904476190:3904476190(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 1720472318 0,sackOK,eol> (DF) [tos 0x10]
15:16:48.789409 67.15.157.11.25 > 66.xx.xx.xx.60228: S 4248820531:4248820531(0) ack 3904476191 win 5792 <mss 1460,sackOK,timestamp 2223527781 1720472318,nop,wscale 8> (DF)
15:16:48.789887 66.xx.xx.xx.60228 > 67.15.157.11.25: . ack 1 win 33304 <nop,nop,timestamp 1720472350 2223527781> (DF) [tos 0x10]
15:16:48.819800 67.15.157.11.52399 > 66.xx.xx.xx.113: S 4245434329:4245434329(0) win 5840 <mss 1460,sackOK,timestamp 2223527814 0,nop,wscale 8> (DF)
15:16:48.819932 66.xx.xx.xx.113 > 67.15.157.11.52399: R 0:0(0) ack 4245434330 win 0 (DF) [tos 0x10]
15:16:48.854970 67.15.157.11.25 > 66.xx.xx.xx.60228: P 1:182(181) ack 1 win 23 <nop,nop,timestamp 2223527843 1720472350> (DF)
15:16:48.954872 66.xx.xx.xx.60228 > 67.15.157.11.25: . ack 182 win 33304 <nop,nop,timestamp 1720472516 2223527843> (DF) [tos 0x10]
15:16:51.528366 66.xx.xx.xx.60228 > 67.15.157.11.25: P 1:19(18) ack 182 win 33304 <nop,nop,timestamp 1720475089 2223527843> (DF) [tos 0x10]
15:16:51.558204 67.15.157.11.25 > 66.xx.xx.xx.60228: . ack 19 win 23 <nop,nop,timestamp 2223530552 1720475089> (DF)
15:16:51.558413 67.15.157.11.25 > 66.xx.xx.xx.60228: P 182:244(62) ack 19 win 23 <nop,nop,timestamp 2223530552 1720475089> (DF)
15:16:51.658444 66.xx.xx.xx.60228 > 67.15.157.11.25: . ack 244 win 33304 <nop,nop,timestamp 1720475220 2223530552> (DF) [tos 0x10]
^C

And here is a tcpdump from the internal interface. It shows the interface receiving more packets from the client and, as can be seen above, never sending them out on the external interface:

# tcpdump -i em0 -n |grep 67.15.157.11
tcpdump: listening on em0, link-type EN10MB
15:18:39.577028 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: S 786363956:786363956(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 1720583155 0,sackOK,eol> (DF) [tos 0x10]
15:18:39.634189 802.1Q vid 600 pri 0 67.15.157.11.25 > 192.168.0.25.60213: S 58075875:58075875(0) ack 786363957 win 5792 <mss 1460,sackOK,timestamp 2223638610 1720583155,nop,wscale 8> (DF)
15:18:39.634259 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: . ack 1 win 33304 <nop,nop,timestamp 1720583212 2223638610> (DF) [tos 0x10]
15:18:39.720216 802.1Q vid 600 pri 0 67.15.157.11.25 > 192.168.0.25.60213: P 1:182(181) ack 1 win 23 <nop,nop,timestamp 2223638712 1720583212> (DF)
15:18:39.819623 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: . ack 182 win 33304 <nop,nop,timestamp 1720583398 2223638712> (DF) [tos 0x10]
15:18:42.643837 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 1:19(18) ack 182 win 33304 <nop,nop,timestamp 1720586222 2223638712> (DF) [tos 0x10]
15:18:42.673648 802.1Q vid 600 pri 0 67.15.157.11.25 > 192.168.0.25.60213: . ack 19 win 23 <nop,nop,timestamp 2223641677 1720586222> (DF)
15:18:42.673772 802.1Q vid 600 pri 0 67.15.157.11.25 > 192.168.0.25.60213: P 182:244(62) ack 19 win 23 <nop,nop,timestamp 2223641677 1720586222> (DF)
15:18:42.773105 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: . ack 244 win 33304 <nop,nop,timestamp 1720586352 2223641677> (DF) [tos 0x10]
15:18:48.577275 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 <nop,nop,timestamp 1720592157 2223641677> (DF) [tos 0x10]
15:18:48.946155 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 <nop,nop,timestamp 1720592526 2223641677> (DF) [tos 0x10]
15:18:50.359941 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 <nop,nop,timestamp 1720593940 2223641677> (DF) [tos 0x10]
^C

Thank you for any help.

Steven
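
Added example, not part of the original post: a small Python script that mechanizes the comparison made above, listing client-to-server data segments that appear in the internal capture but never in the external one. The function names are hypothetical and the sample lines are abridged from the two captures (TCP options trimmed). Because NAT rewrites the source address and the two captures are of different telnet sessions, it assumes segments can be matched on tcpdump's relative sequence ranges alone.

```python
import re
from collections import Counter

# tcpdump text line: "src.port > dst.port: FLAGS first:last(len)"
SEG = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): (\S+) (\d+):(\d+)\((\d+)\)")

def client_segments(capture, server, port=25):
    """Count each data segment sent to server:port, keyed by relative seq range."""
    seen = Counter()
    for line in capture.splitlines():
        m = SEG.search(line)
        if not m:
            continue  # pure ACKs and header lines carry no first:last(len) field
        _src, _sport, dst, dport, _flags, first, last, length = m.groups()
        if dst == server and int(dport) == port and int(length) > 0:
            seen[(int(first), int(last))] += 1
    return seen

def dropped_between(inside, outside, server, port=25):
    """Segments (and how often they were sent) seen inside but never outside."""
    seen_in = client_segments(inside, server, port)
    seen_out = client_segments(outside, server, port)
    return {rng: n for rng, n in seen_in.items() if rng not in seen_out}

# Abridged from the em0 (internal) capture in the post.
INSIDE = """\
15:18:42.643837 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 1:19(18) ack 182 win 33304 (DF) [tos 0x10]
15:18:42.673772 802.1Q vid 600 pri 0 67.15.157.11.25 > 192.168.0.25.60213: P 182:244(62) ack 19 win 23 (DF)
15:18:42.773105 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: . ack 244 win 33304 (DF) [tos 0x10]
15:18:48.577275 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 (DF) [tos 0x10]
15:18:48.946155 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 (DF) [tos 0x10]
15:18:50.359941 802.1Q vid 600 pri 0 192.168.0.25.60213 > 67.15.157.11.25: P 19:53(34) ack 244 win 33304 (DF) [tos 0x10]
"""

# Abridged from the fxp0 (external) capture in the post.
OUTSIDE = """\
15:16:51.528366 66.xx.xx.xx.60228 > 67.15.157.11.25: P 1:19(18) ack 182 win 33304 (DF) [tos 0x10]
15:16:51.558413 67.15.157.11.25 > 66.xx.xx.xx.60228: P 182:244(62) ack 19 win 23 (DF)
15:16:51.658444 66.xx.xx.xx.60228 > 67.15.157.11.25: . ack 244 win 33304 (DF) [tos 0x10]
"""

if __name__ == "__main__":
    for (first, last), count in dropped_between(INSIDE, OUTSIDE, "67.15.157.11").items():
        print(f"bytes {first}:{last} sent {count}x inside, never seen outside")
```

A count above one for a missing range means the client retransmitted that segment, which separates a consistent drop at the firewall from a single lost packet.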
