Hi,

a few days ago I had to deal with the following situation:

Mail RELAY:
- kernel 2.6.14.4-vs2.1.0 (vs for vserver patch)
- iptables v1.2.11
- 5mbit dedicated link under my control

Mail STORE:
- openbsd firewall (unknown version)
- freebsd mail store (unknown version)
- 3mbit dedicated link out of my control

RELAY forwards mail to STORE, which is on a totally different network.

All traffic was flowing fine, except for large emails (>100kb was enough), which would time out many times while sending the message body, especially when delivering more than one large mail at a time.

After some investigation, I found that lots of invalid out-of-window packets were received by the RELAY when the timeouts occurred, using "echo 255 > ip_conntrack_log_invalid" for troubleshooting.

Apparently, the solution was to "echo 1 > ip_conntrack_tcp_be_liberal" so that only RST packets would be considered invalid. I tried that, and it worked.

My question is this: where exactly is the problem?
- A known netfilter problem, for that kernel version?
- A problem with the bsd stack/ipfilter?
- Something else?

Even after all the googling, I'm confused about this.

Thanks for any help.

Pedro Abreu