[ IPCOP ] slow smtp flow from GREEN to ORANGE

Hello, I just installed an SMTP server in the DMZ. I note a strong deceleration from the green zone to this mail server, whereas connections from the orange zone or red to this same mail server are still unchanged.

Below are screens resulting from a tcpdump on port 25 on this SMTP server.

What is strange is that the contents of the screens are degraded when the requests come from the local area network.

Would somebody have an idea???

GREEN--> ORANGE:smtp

15:08:36.768550 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: S 1350154359:1350154359(0) win 64240 (DF)
15:08:36.768684 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: S 2300610086:2300610086(0) ack 1350154360 win 30660 (DF)
15:08:36.769635 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 64240 (DF)
15:09:06.786066 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: P 1:61(60) ack 1 win 32120 (DF)
15:09:06.921451 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 64180 (DF)
15:09:08.943370 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: P 1:2(1) ack 61 win 64180 (DF)
15:09:08.943419 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: . 61:61(0) ack 2 win 32119 (DF)
15:09:09.060289 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: P 2:3(1) ack 61 win 64180 (DF)
15:09:09.080316 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: . 61:61(0) ack 3 win 32120 (DF)
15:09:09.124295 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: P 3:4(1) ack 61 win 64180 (DF)
15:09:09.140317 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: . 61:61(0) ack 4 win 32120 (DF)
15:09:09.469670 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: P 4:5(1) ack 61 win 64180 (DF)
15:09:09.480281 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: . 61:61(0) ack 5 win 32120 (DF)

ORANGE --> ORANGE:smtp

15:10:58.251968 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: S 2461426799:2461426799(0) win 32120 (DF)
15:10:58.252079 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: S 2460965940:2460965940(0) ack 2461426800 win 30660 (DF)
15:10:58.252354 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 32120 (DF)
15:10:58.272280 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: P 1:61(60) ack 1 win 31856 (DF)
15:10:58.272588 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 32120 (DF)
15:11:00.872566 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: P 1:7(6) ack 61 win 32120 (DF)
15:11:00.872625 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: . 61:61(0) ack 7 win 31856 (DF)
15:11:00.873917 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: P 61:102(41) ack 7 win 31856 (DF)
15:11:00.874641 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: F 102:102(0) ack 7 win 31856 (DF)
15:11:00.874887 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: . 7:7(0) ack 103 win 32120 (DF)
15:11:00.874966 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: F 7:7(0) ack 103 win 32120 (DF)
15:11:00.875004 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: . 103:103(0) ack 8 win 31856 (DF)

RED--> ORANGE:smtp

15:11:44.447604 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: S 1987603866:1987603866(0) win 5840 (DF)
15:11:44.447782 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: S 2502523816:2502523816(0) ack 1987603867 win 30660 (DF)
15:11:44.508110 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 5840 (DF)
15:11:44.645754 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: P 1:61(60) ack 1 win 31856 (DF)
15:11:44.704616 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 5840 (DF)
15:11:46.745117 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: P 1:7(6) ack 61 win 5840 (DF)
15:11:46.745180 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: . 61:61(0) ack 7 win 31856 (DF)
15:11:46.746726 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: P 61:102(41) ack 7 win 31856 (DF)
15:11:46.747424 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: F 102:102(0) ack 7 win 31856 (DF)
15:11:46.809310 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: . 7:7(0) ack 102 win 5840 (DF)
15:11:46.812478 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: F 7:7(0) ack 103 win 5840 (DF)
15:11:46.812533 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: . 103:103(0) ack 8 win 31856 (DF)

Reply to
Cdelamarre

Ahhh, but what happens if you watch all ports on the server, UDP as well as TCP?

Perhaps.

Three way handshake - set up the TCP connection.

a packet that probably contains the SMTP greeting. But if you compare the same packets on the 'ORANGE --> ORANGE:smtp' or 'RED--> ORANGE:smtp' exchange, the delay between the handshake and the probable SMTP greeting is very small. This is a very common problem when the DNS is not configured properly. The SMTP daemon asks the DNS servers, "what is the name of the host 123.45.67.89 that is connecting to me?" but the DNS server is not responding with an answer. The SMTP daemon waits.... and waits... and finally gives up, and returns the greeting message.

The solution is to ensure that the SMTP server can determine the full name of any host that connects to it. This means the rDNS (IN-ADDR.ARPA domain) tables must be complete, OR that the 'hosts file' (/etc/hosts or the windoze equivalent) on the server has _full_ names of all internal hosts.

Old guy

Reply to
Moe Trin
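
Added example, not part of either post: a Python sketch that measures the wait the reply describes, the gap between the ACK completing the three-way handshake and the server's first data packet (the probable SMTP greeting), for each client in a capture. The capture lines are copied from the post with wrapped lines rejoined; the function names and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# Old tcpdump text format used in the post: time iface </> src > dst: flags seq:seq(len) ...
PKT = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \S+ [<>] (?P<src>\S+) > (?P<dst>\S+): "
                 r"(?P<flags>\S+) \d+:\d+\((?P<len>\d+)\)")

def banner_delays(capture, server):
    """Per client: seconds from the handshake-completing ACK to the server's first payload."""
    syn_seen, acked, delays = set(), {}, {}
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        src, dst, flags, length = m["src"], m["dst"], m["flags"], int(m["len"])
        if dst == server and flags == "S":
            syn_seen.add(src)                      # client SYN
        elif dst == server and flags == "." and src in syn_seen and src not in acked:
            acked[src] = ts                        # third packet of the handshake
        elif src == server and length > 0 and dst in acked and dst not in delays:
            # first server payload = probable SMTP greeting; % 86400 covers a midnight wrap
            delays[dst] = (ts - acked[dst]).total_seconds() % 86400
    return delays

def slow_clients(delays, threshold=5.0):
    """Clients whose greeting was held back longer than `threshold` seconds (assumed cutoff)."""
    return sorted(c for c, d in delays.items() if d > threshold)

SERVER = "mail.mondomaine.com.smtp"
# Handshake and first server payload of each flow, copied from the post (wrapped lines rejoined).
CAPTURE = """\
15:08:36.768550 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: S 1350154359:1350154359(0) win 64240 (DF)
15:08:36.768684 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: S 2300610086:2300610086(0) ack 1350154360 win 30660 (DF)
15:08:36.769635 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 64240 (DF)
15:09:06.786066 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: P 1:61(60) ack 1 win 32120 (DF)
15:10:58.251968 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: S 2461426799:2461426799(0) win 32120 (DF)
15:10:58.252079 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: S 2460965940:2460965940(0) ack 2461426800 win 30660 (DF)
15:10:58.252354 eth0 < home.mondomaine.dmz.2923 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 32120 (DF)
15:10:58.272280 eth0 > mail.mondomaine.com.smtp > home.mondomaine.dmz.2923: P 1:61(60) ack 1 win 31856 (DF)
15:11:44.447604 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: S 1987603866:1987603866(0) win 5840 (DF)
15:11:44.447782 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: S 2502523816:2502523816(0) ack 1987603867 win 30660 (DF)
15:11:44.508110 eth0 < monserveurdistant.com.4560 > mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 5840 (DF)
15:11:44.645754 eth0 > mail.mondomaine.com.smtp > monserveurdistant.com.4560: P 1:61(60) ack 1 win 31856 (DF)
"""

if __name__ == "__main__":
    for client, delay in banner_delays(CAPTURE, SERVER).items():
        print(f"{client:28s} greeting after {delay:.3f} s")
    print("slow:", slow_clients(banner_delays(CAPTURE, SERVER)))
```

On the post's capture this reports about 30 s for the GREEN client and well under a second for the ORANGE and RED clients.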
