
Re: iptables NAT entry times out but connects from firewall



We need more information to say anything.

But check whether your $NIC_EXTERNAL is correct. (Try removing it
and testing.)

Do you have any other rules?

Another thing: what kernel version do you use? In 2.4.20,
tcp_ecn is now set to 1, and some SMTP servers (Linux) have
problems connecting to Exchange servers that don't
support ECN in TCP, and the packets are ignored.

Try: echo 0 > /proc/sys/net/ipv4/tcp_ecn

If that doesn't work, please give us your kernel IP routing table,
all your rules, and a sysctl -a.

-Thiago Rondon

On Mon, Apr 28, 2003 at 10:27:42PM -0500, Hanasaki JiJi wrote:
> There is a firewall with two NICs and the below rule to allow an
> internal host to connect out to smtp servers on the internet.  Some
> hosts have a connection timeout on a connect from $INTERNAL_IP_OF_SMTP
> yet connect from the firewall just fine.
> 
> iptables -t nat -A POSTROUTING -p tcp -o $NIC_EXTERNAL \
>        --dport 25 -s $INTERNAL_IP_OF_SMTP -j MASQUERADE
> 
> ex:
> on firewall:
> 	telnet csoc-mail-msfc.csoconline.com 25
> 	
> 	above connects ok
> 
> on $INTERNAL_IP_OF_SMTP
> 	telnet csoc-mail-msfc.csoconline.com 25
> 
> 	connection times out
> 
> 
> 
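
An added example, not part of the original messages: a Python check for the ECN symptom described in the reply above, run over tcpdump text output taken on the connecting host. The sample capture, addresses and verdict names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump -n text format (not taken from the thread).
# In the flags field E = ECE and W = CWR; a SYN carrying both is an ECN-setup SYN.
SAMPLE = """\
12:00:01.000000 IP 10.0.0.5.40001 > 198.51.100.25.25: Flags [SEW], seq 100, win 5840, length 0
12:00:04.000000 IP 10.0.0.5.40001 > 198.51.100.25.25: Flags [SEW], seq 100, win 5840, length 0
12:00:10.000000 IP 10.0.0.5.40002 > 192.0.2.10.25: Flags [SEW], seq 200, win 5840, length 0
12:00:10.020000 IP 192.0.2.10.25 > 10.0.0.5.40002: Flags [S.E], seq 900, ack 201, win 5792, length 0
12:01:00.000000 IP 10.0.0.5.40003 > 198.51.100.25.25: Flags [S], seq 300, win 5840, length 0
12:01:00.030000 IP 198.51.100.25.25 > 10.0.0.5.40003: Flags [S.], seq 700, ack 301, win 8192, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify(capture, port=25):
    """Return {server_ip: verdict} for TCP handshakes towards the given port."""
    syns = {}            # (client, client_port, server) -> True if SYN had ECE+CWR
    answered = set()     # same key shape, filled from SYN-ACKs coming back
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if "S" in flags and "." not in flags and int(dport) == port:
            syns[(src, sport, dst)] = "E" in flags and "W" in flags
        elif "S" in flags and "." in flags and int(sport) == port:
            answered.add((dst, dport, src))
    seen = defaultdict(set)   # server -> {(was_ecn_syn, got_synack)}
    for key, ecn in syns.items():
        seen[key[2]].add((ecn, key in answered))
    verdicts = {}
    for server, results in seen.items():
        if (True, False) in results and (False, True) in results:
            verdicts[server] = "ecn-syn-dropped"   # only the non-ECN SYN was answered
        elif any(ok for _, ok in results):
            verdicts[server] = "ok"
        else:
            verdicts[server] = "no-answer"
    return verdicts

if __name__ == "__main__":
    for server, verdict in classify(SAMPLE).items():
        print(server, verdict)
```

A server reported as "ecn-syn-dropped" answered a plain SYN but not an ECN-setup SYN, which matches the behaviour that setting tcp_ecn to 0 works around; "no-answer" points elsewhere (routing or rules).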


