Re: iptables question




> But these aren't SMTP connections.  The source is port 25, but the
> destination is not.  The mail server is running normally.  I'm allowing
> new SMTP connections and traffic for established connections.

They are SMTP connections -- your server initiates a connection to
port 25 on the remote server.  Thus, when the connection is set up the
remote server will be responding with source port 25 and destination
port = source port of the initiated connection.

> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25

I think the ACCEPT all line should catch these, but you might try
adding RELATED,ESTABLISHED specifically to the dpt:25 line.

> # cat /proc/sys/net/ipv4/ip_conntrack_max
> 63480

Unless you're passing a lot of traffic, the conntrack_max looks okay.

>> Yet another possibility is that these are duplicated packets (for
>> whatever reason) and the connection has already been closed out.
>
> Possible, I guess, but I don't know what would be duplicating them.

This isn't as likely, but the remote sites could be duplicating them
-- the only way to determine if that's the case would be to sniff the
traffic and see if the remote site sends the same packet more than
once.

M
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
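The reply above rests on how the state match sees the traffic: the server's own outbound SMTP connection creates a conntrack entry, so the remote MTA's answer (source port 25, destination port = the ephemeral port the server used) is ESTABLISHED and should hit the first quoted rule, while a packet that arrives after the entry is gone (a late duplicate, or a table that has hit ip_conntrack_max) matches neither rule and falls through to the chain policy. The following toy model, added here as an illustration and not code from the thread or from netfilter, replays the two quoted INPUT rules against that sequence. The addresses, ports and the ConnTracker class are constructed; real conntrack has more states and timeouts than this simplification shows.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a TCP connection


class ConnTracker:
    """Toy stand-in for netfilter conntrack (constructed for this example):
    a direction-agnostic table of known endpoint pairs, capped the way
    ip_conntrack_max caps the real table."""

    def __init__(self, max_entries: int = 63480) -> None:
        self.max_entries = max_entries
        self.table: Set[frozenset] = set()

    @staticmethod
    def _key(p: Packet) -> frozenset:
        # The reply (remote:25 -> local:ephemeral) maps to the same key as
        # the request (local:ephemeral -> remote:25), which is why the
        # reply can be recognised as part of an existing connection.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def track_outbound(self, p: Packet) -> str:
        """OUTPUT path: the server's own SYN creates the entry."""
        if len(self.table) >= self.max_entries:
            return "INVALID"  # table full: real conntrack drops the packet
        self.table.add(self._key(p))
        return "NEW"

    def state(self, p: Packet) -> str:
        """INPUT path: classify an inbound packet against the table."""
        key = self._key(p)
        if key in self.table:
            return "ESTABLISHED"
        if p.syn and len(self.table) < self.max_entries:
            self.table.add(key)
            return "NEW"
        # Non-SYN packet with no entry, e.g. a duplicate arriving after the
        # connection was closed out. The real kernel also marks such packets
        # INVALID (unless it is configured to pick up mid-stream connections).
        return "INVALID"

    def close(self, p: Packet) -> None:
        self.table.discard(self._key(p))


# The two quoted INPUT rules, evaluated top to bottom: (target, dport, states).
RULES: List[Tuple[str, Optional[int], Set[str]]] = [
    ("ACCEPT", None, {"RELATED", "ESTABLISHED"}),  # ACCEPT all ... state RELATED,ESTABLISHED
    ("ACCEPT", 25, {"NEW"}),                       # ACCEPT tcp ... state NEW tcp dpt:25
]


def decide(tracker: ConnTracker, p: Packet) -> Tuple[str, str]:
    """Return (target, conntrack state) for an inbound packet."""
    st = tracker.state(p)
    for target, dport, states in RULES:
        if dport is not None and p.dport != dport:
            continue
        if st in states:
            return target, st
    return "DROP", st  # chain policy: this is what shows up in the log


def simulate() -> Dict[str, Tuple[str, str]]:
    ct = ConnTracker()
    local, remote = "192.0.2.10", "203.0.113.5"  # constructed documentation addresses
    results: Dict[str, Tuple[str, str]] = {}

    # A remote client connecting to our MTA: matched by the dpt:25 NEW rule.
    inbound_syn = Packet(remote, 51000, local, 25, syn=True)
    results["inbound SYN to port 25"] = decide(ct, inbound_syn)

    # Our MTA delivering mail outbound: the OUTPUT path creates the entry ...
    our_syn = Packet(local, 40123, remote, 25, syn=True)
    ct.track_outbound(our_syn)
    # ... so the remote MTA's reply (sport 25, dport 40123) is ESTABLISHED.
    reply = Packet(remote, 25, local, 40123)
    results["reply from remote port 25"] = decide(ct, reply)

    # Once the connection is closed out, the same reply packet has no entry,
    # matches neither rule, and falls through to the policy.
    ct.close(our_syn)
    results["duplicate reply after close"] = decide(ct, reply)
    return results


if __name__ == "__main__":
    for name, (target, st) in simulate().items():
        print(f"{name:32} state={st:12} -> {target}")
```

The third case is the one the poster is seeing in the log: source port 25, a non-25 destination port, and no conntrack entry to make it ESTABLISHED. Adding RELATED,ESTABLISHED to the dpt:25 line would not change that outcome in this model, since the destination port of the reply is the ephemeral port, not 25; sniffing for repeated packets, as the reply suggests, or checking conntrack table occupancy against ip_conntrack_max is what distinguishes the two causes.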

