Strange masq/port-forwarding problem

Hi there,

I have a strange port-forwarding related problem which I thought you might be 
able to help me solve:

I am redirecting TCP ports "ftp" and "ftp-data" of my firewall host to an 
internal machine. The "telnet" and "http" ports are also redirected to the same 

Unfortunately, as soon as connected clients from outside my LAN try to open a 
data connection ("DIR" or "RETR" commands), the connection hangs. I'm unable to 
detect why that happens.

Similarly, incoming telnet connections DO work -- to some extent. I can do 
unlimited "ls" commands, but as soon as I invoke "l" (aliased to "ls -la") or 
invoke "mc" (Midnight Commander) the session will also hang. It seems as if it 
has to do with "bulk" transfers failing, but low-volume transfers not.

Finally, http doesn't work. Not even my start page is being received from 
outside my LAN.

To make sure the default ipmasq rules don't break anything I changed the 
firewall policies to "accept" and deleted all but the "masq" forwarding rule -- 
to no avail.

Another VERY strange problem that is most probably related to the ones just 
described is that outgoing SMTP connections hang the same way. Regardless of 
whether I run sendmail or a Win32 GUI e-mail client that sends mail with SMTP, 
the connection will be opened, and after transmission of the DATA command the 
connection will freeze.

HOWEVER, if I manually perform an SMTP dialog by telnetting to the SMTP port I'm 
able to properly deliver a message. Isn't that strange??? (I noticed, BTW, that 
the receiver SMTP tries to authenticate the connection by running the AUTH 
service (ident daemon) on my machine. At first I wasn't even running an ident 
daemon, so I installed one. But it didn't help. Then I even installed a special 
ip masq-aware identd (midentd), but that didn't help either.)

FYI my external network interface is an ATM card (NICstar chip), but that 
shouldn't matter (or is the unusual MTU of 9200(?) a problem?). It is 
connected to an ADSL modem.

PLEASE help me get this stuff working, since I'd finally like to switch from 
Windows NT to Linux on my gateway machine.

Thank you very much for your help.


Ralf G. R. Bergs * Welkenrather Str. 100/102 * 52074 Aachen * Germany
+49-241-876892, +49-241-877776 (fax) * rabe@rwth-aachen.de  * PGP ok!