Re: Firewall: Thoroughly Confused

On Fri, 31 Oct 2003, Matthew Galgoci wrote:

> > Now here's the weird part. Packets from Hormel - and ONLY Hormel - were
> > mangled. They showed up as UDP instead of TCP and then were assigned to
> > an array of ports - none being 25.
> 
> The udp ports I think were from my trying to traceroute to your mail
> exchanger. traceroute uses random high udp ports in the range you
> mentioned in a private exchange we had.

As I said before, I think this explains the UDP connections, but I think I know
why your firewall started refusing connections from that particular foreign IP
address. I'll explain below...
  
> > As soon as I stopped IPTables, the problem went away which means that
> > there is no problem on the router end. Moreover, how could this possibly
> > pertain ONLY to the Hormel server.
> > 
> > Does anyone have any ideas?
> 
> Does your firewall employ any automated heuristics for updating its iptables
> rules? Hormel could easily be mistaken for an smtp DOS :-)

If you are using iptables connection tracking (and you probably are, even if you don't
realize it) and this table fills up with active connections for a single host, it could
be possible for that host to become unable to reach you.

You can check this table by doing a cat /proc/net/ip_conntrack

You can bump up the max connections tracked via the sysctl
/proc/sys/net/ipv4/ip_conntrack_max, which defaults to 16352 (at least on my kernel).

Think about what would happen if your mail server is sending mail to hundreds of hosts, each
connection out or in taking one slot in the table, and each mail requires multiple DNS lookups,
each of which requires a connection to be tracked.

Food for thought. I could be totally wrong here, but my guess is that I'm probably dead on.

-- 

Matthew Galgoci		"If you were a woman I'd kiss you right now."
System Administrator
Red Hat, Inc
919.754.3700 x44155
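The check Matthew describes above (look at the conntrack table, compare it with the configured maximum, and see whether one peer is holding most of the slots) as an added shell example; this is not code from the thread. It assumes the 2.4-era paths named in the post (/proc/net/ip_conntrack and /proc/sys/net/ipv4/ip_conntrack_max) and, on later kernels, /proc/net/nf_conntrack and /proc/sys/net/netfilter/nf_conntrack_max; the dump lines it parses are constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original thread: summarise a conntrack
# dump and flag when one peer is consuming a large share of the table.
#
# Assumed paths: 2.4-era kernels expose /proc/net/ip_conntrack and
# /proc/sys/net/ipv4/ip_conntrack_max; later kernels expose
# /proc/net/nf_conntrack and /proc/sys/net/netfilter/nf_conntrack_max.
# Both line formats carry "src=" fields, which is all this script relies on.

# Constructed sample dump (not captured from a real system) mixing both
# formats: one busy mail peer, two DNS lookups, and an unrelated SSH session.
CONNTRACK_SAMPLE='tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=192.0.2.25 sport=40001 dport=25 src=192.0.2.25 dst=203.0.113.7 sport=25 dport=40001 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=192.0.2.25 sport=40002 dport=25 src=192.0.2.25 dst=203.0.113.7 sport=25 dport=40002 [ASSURED] use=1
tcp      6 119 TIME_WAIT src=203.0.113.7 dst=192.0.2.25 sport=40003 dport=25 src=192.0.2.25 dst=203.0.113.7 sport=25 dport=40003 [ASSURED] use=1
udp      17 27 src=192.0.2.25 dst=192.0.2.53 sport=32771 dport=53 src=192.0.2.53 dst=192.0.2.25 sport=53 dport=32771 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=198.51.100.9 dst=192.0.2.25 sport=51234 dport=22 src=192.0.2.25 dst=198.51.100.9 sport=22 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.0.2.25 dst=192.0.2.53 sport=32772 dport=53 [UNREPLIED] src=192.0.2.53 dst=192.0.2.25 sport=53 dport=32772 mark=0 use=2'

# Write the constructed sample to a temp file and print its path.
conntrack_sample_file() {
    f=$(mktemp) || return 1
    printf '%s\n' "$CONNTRACK_SAMPLE" > "$f"
    echo "$f"
}

# Number of tracked entries in a dump.  $1 = dump path.
conntrack_count() {
    awk '/src=/ { n++ } END { print n + 0 }' "$1"
}

# Entries per originating source address, busiest first, as "<count> <ip>".
# Only the first src= on each line (the original direction) is counted, so a
# peer opening many connections to you shows up even if you never reply.
conntrack_top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { sub(/^src=/, "", $i); c[$i]++; break } }
         END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Integer percentage of the table in use.  $1 = dump path, $2 = table maximum.
conntrack_pct_used() {
    awk -v max="$2" '/src=/ { n++ }
        END { if (max <= 0) exit 1; printf "%d\n", (n * 100) / max }' "$1"
}

# Report usage and the five busiest sources; exit 0 while usage is below the
# threshold, 1 once it reaches it.  $1 = dump, $2 = maximum, $3 = threshold %.
conntrack_check() {
    dump=$1; max=$2; thresh=$3
    used=$(conntrack_count "$dump")
    pct=$(conntrack_pct_used "$dump" "$max")
    echo "conntrack: $used of $max slots used ($pct%)"
    conntrack_top_sources "$dump" | head -n 5
    [ "$pct" -lt "$thresh" ]
}

# Stand-alone run: use the live table if this system exposes a readable one,
# otherwise fall back to the constructed sample with the post's default max.
conntrack_main() {
    if [ -r /proc/net/nf_conntrack ] && [ -r /proc/sys/net/netfilter/nf_conntrack_max ]; then
        conntrack_check /proc/net/nf_conntrack "$(cat /proc/sys/net/netfilter/nf_conntrack_max)" 80
    elif [ -r /proc/net/ip_conntrack ] && [ -r /proc/sys/net/ipv4/ip_conntrack_max ]; then
        conntrack_check /proc/net/ip_conntrack "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" 80
    else
        sample=$(conntrack_sample_file)
        conntrack_check "$sample" 16352 80
        rm -f "$sample"
    fi
}
conntrack_main
```

Reading the table needs root on most systems, which is why the script falls back to the sample when the files are not readable. If the check shows the table near its maximum, raising ip_conntrack_max (net.netfilter.nf_conntrack_max on newer kernels) is the fix the post suggests, at the cost of more kernel memory per tracked entry; if instead one address owns most of the slots, that is the peer that will start seeing dropped packets first.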


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
