Strange masq/port-forwarding problem
I have a strange port-forwarding related problem which I thought you might be
able to help me solve:
I am redirecting TCP ports "ftp" and "ftp-data" of my firewall host to an
internal machine. The "telnet" and "http" ports are also redirected to the same
Unfortunately, as soon as connected clients from outside my LAN try to open a
data connection ("DIR" or "RETR" commands), the connection hangs. I'm unable to
detect why that happens.
Similarly, incoming telnet connections DO work -- to some extent. I can do
unlimited "ls" commands, but as soon as I invoke "l" (aliased to "ls -la") or
invoke "mc" (Midnight Commander) the session will also hang. It seems as if it
has to do with "bulk" transfers failing, but low-volume transfers not.
Finally, http doesn't work. Not even my start page is being received from
outside my LAN.
To make sure the default ipmasq rules don't break anything, I changed the
firewall policies to "accept" and deleted all but the "masq" forwarding rule --
to no avail.
Another VERY strange problem that is most probably related to the ones just
described is that outgoing SMTP connections hang the same way. Regardless of
whether I run sendmail or a Win32 GUI e-mail client that sends mail with SMTP,
the connection will be opened, and after transmission of the DATA command the
connection will freeze.
HOWEVER, if I manually perform an SMTP dialog by telnetting to the SMTP port, I'm
able to properly deliver a message. Isn't that strange??? (I noticed, BTW, that
the receiver SMTP tries to authenticate the connection by running the AUTH
service (ident daemon) on my machine. At first I wasn't even running an ident
daemon, so I installed one. But it didn't help. Then I even installed a special
IP masq-aware identd (midentd), but that didn't help either.)
FYI, my external network interface, which is connected to an ADSL modem, is an
ATM card (NICstar chip), but that shouldn't matter (or is the unusual MTU of
9200(?) a problem?).
PLEASE help me get this stuff working, since I'd finally like to switch from
Windows NT to Linux on my gateway machine.
Thank you very much for your help.
Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-877776 (fax) * firstname.lastname@example.org * PGP ok!
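The poster asks whether the 9200-byte MTU of the ATM interface could be the problem. One concrete way to check that, added here as an example that is not part of the original message or of any reply on the list, is to find the largest ICMP payload that still crosses the path when the DF bit is set, and derive from it the path MTU and the TCP MSS a host on that path should advertise. The script below assumes a Linux iputils `ping` (which understands `-M do` and `-W`); the function names, the `PMTU_HOST` variable and the probing callback design are this example's own choices. Whether a path-MTU problem actually explains the hangs described above is not something the post establishes; the script only measures the path.

```shell
#!/bin/sh
# Added example, not from the original post: bisect the largest DF-flagged
# ping payload a path accepts and convert it into a path MTU / TCP MSS.
# Assumes Linux iputils ping (-M do sets DF, -W is the reply timeout).

# probe_df HOST PAYLOAD: succeed if one DF ping of PAYLOAD bytes is answered.
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# pmtu_bisect PROBE HOST LOW HIGH: largest payload in [LOW,HIGH] for which
# "PROBE HOST payload" succeeds. PROBE is a shell function taking HOST and a
# payload size, so the search can be exercised without any network. Assumes
# the usual monotonic behaviour: once a size fails, every larger size fails.
# Prints 0 and returns 1 if even LOW does not get through.
pmtu_bisect() {
    probe=$1; host=$2; lo=$3; hi=$4
    "$probe" "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid fits: answer is at least mid
        else
            hi=$((mid - 1))    # mid is too big: answer is below mid
        fi
    done
    echo "$lo"
}

# payload_to_mtu PAYLOAD: ICMP payload + 8 bytes ICMP header + 20 bytes IPv4 header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# mtu_to_mss MTU: IPv4 TCP MSS = MTU - 20 (IP header) - 20 (TCP header).
mtu_to_mss() { echo $(( $1 - 40 )); }

# Real run against a host on the far side of the ADSL link (needs network):
#   PMTU_HOST=some.host sh pmtu.sh
# The upper bound 9172 is the 9200-byte interface MTU minus the 28 header bytes.
if [ -n "${PMTU_HOST:-}" ]; then
    p=$(pmtu_bisect probe_df "$PMTU_HOST" 0 9172) || { echo "no DF ping got through"; exit 1; }
    mtu=$(payload_to_mtu "$p")
    echo "largest DF payload: $p  path MTU: $mtu  suggested MSS: $(mtu_to_mss "$mtu")"
fi
```

If the reported path MTU is far below the 9200 of the ATM card (a PPPoE link, for instance, commonly carries 1492), then hosts behind the gateway that advertise an MSS derived from 9200 depend on ICMP "fragmentation needed" messages reaching them; if those are filtered, large segments are silently dropped while small exchanges keep working. That is a hypothesis to verify with a packet capture, not a conclusion the post itself supports.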