Skip Navigational Links
LISTSERV email list manager
LISTSERV - COMMUNITY.EMAILOGY.COM
LISTSERV Menu
Log In
Log In
LISTSERV 17.5 Help - LSTSRV-L Archives
LISTSERV Archives
LISTSERV Archives
Search Archives
Search Archives
Register
Register
Log In
Log In

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Menu
LISTSERV Archives LISTSERV Archives
LSTSRV-L Home LSTSRV-L Home

Log In Log In
Register Register

Subscribe or Unsubscribe Subscribe or Unsubscribe

Search Archives Search Archives
Options: Use Forum View

Use Proportional Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Packet Filtering Problem
From:
Valdis Kletnieks <[log in to unmask]>
Reply To:
LISTSERV give-and-take forum <[log in to unmask]>
Date:
Tue, 1 Oct 2002 21:20:06 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (30 lines)
On Tue, 01 Oct 2002 16:22:34 EDT, Scott Thomas <[log in to unmask]>  said:

> a DNS problem), but cannot find the mailer. When I disable packet filtering,
> outgoing messages are released and the Resolver tool locates both
> home.ease.lsoft.com and the mail server at that location. All outbound ports
> are open, but apparently an inbound port on our Listserv server needs to be
> opened somewhere. Can anyone advise on which port? It seems

Most likely, what is happening is that you're making an OUTBOUND connection
to the other system's port 25 (SMTP), and it's calling you back on port 113
(IDENT).  I'm guessing your firewall is dropping the SYN packet being
sent to your port 113, and the other end is doing one of 2 things:

1) Their timeout for the IDENT connection is longer than the timeout to
get the SMTP connection open, so it cans the SMTP because it had to wait
too long.

2) Their software is misinterpreting the unreachability of port 113 as the
unreachability of the entire host.  This can be made even worse by firewall
software that sends an ICMP Host Unreachable instead of an ICMP Port Unreachable.

When you turn off the filtering, the SYN packet makes it to your system almost
instantaneously, your end probably sends an RST packet back because you don't
have IDENT running (or it answers the query if it is), the other end is happy,
and things move right along.
--
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM CataList Email List Search Powered by LISTSERV