Ryan Pugatch:
> connections from our NAT IP start getting ignored by our two MTAs. I can
> watch a TCPDUMP on the MTAs and then telnet to them on 25 from a box
> behind the NAT and I can see the SYN packets arriving to the MTA but no
> response is given. Worth noting, no connection can be made from the NAT
Normally, a TCP stack will ignore a SYN only when the TCP port is open and the SYN queue is full, i.e. the application is too slow with accepting connections.

Are you sure that your SYN observation is made on traffic AFTER server-side packet filtering, traffic shaping, or port/address translation? You simply can't see packets reach the MTA. On systems that can run Postfix, packets are managed by the network stack, which is entirely confined to the OS kernel.

Wietse
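One way to check the condition Wietse describes on a Linux MTA host (a listener whose queue is full, so the kernel silently drops SYNs) is to look at the listening sockets and the kernel's drop counters rather than at tcpdump. The script below is an added example, not part of the thread: the two samples are constructed inline in the output format of `ss -ltn` (Recv-Q is the number of connections waiting to be accepted, Send-Q is the backlog limit) and of the TcpExt section of `netstat -s`; on a live host you would feed it the real command output instead.

```shell
#!/bin/sh
# Added example: flag listeners whose accept queue is saturated and read the
# kernel counter that grows when SYNs to a LISTEN socket are dropped.

# Constructed sample in the layout of `ss -ltn` (replace with real output:
# SAMPLE_SS="$(ss -ltn)").
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  100     100     0.0.0.0:25          0.0.0.0:*
LISTEN  3       100     0.0.0.0:587         0.0.0.0:*'

# Print "port recvq sendq" for every LISTEN socket whose queue is full
# (Recv-Q has reached Send-Q). Port 25 in the sample above is the hit.
saturated_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $3 > 0 && $2 >= $3 {
            n = split($4, a, ":"); print a[n], $2, $3
        }'
}

# Constructed sample of the TcpExt lines from `netstat -s` (replace with
# real output: SAMPLE_NETSTAT="$(netstat -s)").
SAMPLE_NETSTAT='    1234 SYNs to LISTEN sockets dropped
    1234 times the listen queue of a socket overflowed
    56 passive connections rejected because of time stamp'

# Print the running count of SYNs dropped at LISTEN sockets. A value that
# keeps climbing while clients see unanswered SYNs points at the queue, not
# at a filter in front of the host.
syn_drops() {
    printf '%s\n' "$1" | awk '/SYNs to LISTEN sockets dropped/ { print $1 }'
}

saturated_listeners "$SAMPLE_SS"
syn_drops "$SAMPLE_NETSTAT"
```

If neither check shows anything while tcpdump still shows unanswered SYNs, the packets are most likely being dropped between the capture point and the socket (netfilter, shaping, or translation), which is the other possibility Wietse raises.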