
ipf problem: blocks outgoing mail for the first time

Ok, I'm confused... today I encountered for the first time that
sendmail (and telnet to port 25) couldn't establish an outgoing
connection to a host and it seems my ipf rules might be somehow
responsible for this.

sendmail (or telnet) tries to connect to the host:
tcp        0      0  127.0.0.1.7869            212.41.126.100.smtp   SYN_SENT

but ipf blocks incoming ACK packets:
ipmon[27717]: 09:37:55.640248 dc0 @0:35 b 212.41.126.100,25 -> 63.195.85.27,7869 PR tcp len 20 64 -A IN

(assuming I read this correctly).
63.195.85.27 is the IP address of my host.

The output of ipfstat -i -n and -o -n is appended below.
dc0 is the external interface, dc1 internal.

If I read the HowTo correctly this might be "just" a double packet.
I've seen logfile entries like this before, but it never kept mail
from being sent. What is wrong here? Is it "just" a bad connection?
I can reach the host from another system.

Thanks in advance!

ipfstat -i -n
@1 pass in quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
@2 block in log quick on dc0 proto icmp from any to any icmp-type redir
@3 block return-rst in log quick on dc0 proto tcp from any to 63.195.85.27/32 port = 113 flags S/SA
@4 block return-icmp-as-dest(port-unr) in log quick on dc0 proto tcp from any to 63.195.85.27/32 port = 113
@5 block in log quick on dc0 proto tcp/udp from any to any with short
@6 block in log quick on dc0 from 10.0.0.0/8 to any
@7 block in log quick on dc0 from 127.0.0.0/8 to any
@8 block in log quick on dc0 from 192.186.0.0/16 to any
@9 block in log quick on dc0 from 172.16.0.0/12 to any
@10 block in log quick on dc0 from 127.0.0.1/32 to any
@11 block in log quick on dc0 from 0.0.0.0/32 to any
@12 block in log quick on dc0 from 255.255.255.255/32 to any
@13 pass in quick on dc0 proto icmp from any to 63.195.85.27/32 icmp-type unreach
@14 pass in quick on dc0 proto icmp from any to 63.195.85.27/32 icmp-type squench
@15 block in log quick on dc0 proto icmp from any to any
@16 block in log on dc0 proto tcp/udp from any to any port = sunrpc
@17 block in log on dc0 proto tcp/udp from any to any port = nfsd
@18 block in log on dc0 proto tcp from any to any port = 6000
@19 block in log quick on dc0 from 209.142.221.5/32 to any
@20 block in on dc0 proto tcp from any to any
@21 pass in quick on dc0 proto udp from any to any port = 53 keep state
@22 pass in quick on dc0 proto tcp from any to any port = 53 keep state
@23 block in on dc0 proto udp from any to any
@24 pass in quick on dc0 proto tcp from any to any port = 25 keep state
[security by obscurity follows in the next three entries...]
@25 pass in quick on dc0 proto tcp from A.B.C.1/32 to 63.195.85.27/32 port = 22 keep state
@26 pass in quick on dc0 proto tcp from A.B.C.2/32 to 63.195.85.27/32 port = 22 keep state
@27 pass in quick on dc0 proto tcp from A.B.C.3/32 to 63.195.85.27/32 port = 22 keep state
@28 block in proto tcp from any to any with short
@29 block in log from any to any with ipopt
@30 log in from any to any with opt lsrr,ssrr
@31 block in quick from any to any with opt lsrr
@32 block in quick from any to any with opt ssrr
@33 pass in quick on dc1 from any to any
@34 pass in quick from 10.1.1.0/24 to 10.1.1.2/32
@35 block in log quick from any to any


ipfstat -o -n
@1 pass out quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
@2 pass out quick on lo0 from 127.0.0.1/32 to 63.195.85.27/32
@3 pass out quick on dc0 proto icmp from 63.195.85.27/32 to any keep state
@4 pass out quick on dc0 proto tcp from any to any flags S/FSRA keep state
@5 block out on dc0 proto tcp from any to any
@6 pass out quick on dc0 proto udp from any to any port = 53 keep state
@7 pass out quick on dc0 proto tcp from any to any port = 53 keep state
@8 block out on dc0 proto udp from any to any
@9 pass out quick on dc0 proto tcp/udp from any to any port = ssh keep state
@10 pass out quick on dc0 proto tcp from any to any port = 25 keep state
@11 pass out quick on dc1 from any to any
@12 pass out quick from 10.1.1.2/32 to 10.1.1.0/24
@13 block out log quick from any to any
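Added example, not code from the post or from IPFilter: a small triage script for ipmon block lines of the shape quoted above. It parses the fields ipmon prints (time, interface, @group:rule, action, src,port -> dst,port, PR proto, len, optional TCP flags, direction) and classifies each blocked packet, flagging the exact shape seen in the post: an inbound pure ACK from a service port to an ephemeral port that no state entry matched, so the catch-all rule @35 caught it. The sample log lines, the 198.51.100.x addresses and the classification labels are constructed for the example; lines in other shapes (ICMP, other ipmon formats) are reported as unparsed rather than guessed at.

```python
"""Triage ipmon block log lines (added example; sample lines are constructed)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# One ipmon line in the format shown in the post:
#   09:37:55.640248 dc0 @0:35 b 212.41.126.100,25 -> 63.195.85.27,7869 PR tcp len 20 64 -A IN
IPMON_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>[bp])\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>[a-z]+)\s+len\s+(?P<hlen>\d+)\s+(?P<tlen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?\s+(?P<direction>IN|OUT)\s*$"
)


@dataclass
class IpmonEvent:
    time: str
    iface: str
    rule: int
    action: str      # 'b' blocked, 'p' passed
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str       # TCP flag letters as ipmon prints them ('A', 'S', 'AS'); '' for UDP
    direction: str   # 'IN' or 'OUT'


def parse_ipmon(line: str) -> Optional[IpmonEvent]:
    """Return the parsed event, or None for lines in a shape we do not handle."""
    m = IPMON_RE.match(line.strip())
    if not m:
        return None
    return IpmonEvent(
        time=m["time"], iface=m["iface"], rule=int(m["rule"]),
        action=m["action"], src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]), proto=m["proto"],
        flags=m["flags"] or "", direction=m["direction"],
    )


def classify(ev: IpmonEvent) -> str:
    """Heuristic label for a blocked packet (labels are this example's own)."""
    if ev.action != "b":
        return "passed"
    if ev.proto == "tcp" and ev.direction == "IN":
        if "S" in ev.flags and "A" not in ev.flags:
            return "blocked-syn"            # new inbound connection attempt
        if "A" in ev.flags and "S" not in ev.flags:
            # A pure ACK from a service port to an ephemeral port has the shape
            # of a reply to a connection this host opened; if it reached the
            # catch-all block rule, no state entry matched it.
            if ev.sport < 1024 <= ev.dport:
                return "reply-without-state"
            return "unsolicited-ack"
    return "blocked-other"


HINTS = {
    "reply-without-state": "check that the rule which let the SYN out keeps state "
                           "and that the SYN left from this interface's address "
                           "(ipfstat -sl lists the state table)",
    "blocked-syn": "inbound connection attempt; expected noise on an external interface",
    "unsolicited-ack": "ACK with no matching state from a high port; stray or probe traffic",
}


def triage(lines: Iterable[str]) -> Dict[str, int]:
    """Count events per classification; unparseable lines are counted too."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_ipmon(line)
        counts[classify(ev) if ev else "unparsed"] += 1
    return dict(counts)


# Constructed sample log: the first line is the one from the post with its
# timestamp joined back on; the rest use RFC 5737 documentation addresses.
SAMPLE_LOG = [
    "09:37:55.640248 dc0 @0:35 b 212.41.126.100,25 -> 63.195.85.27,7869 PR tcp len 20 64 -A IN",
    "09:38:01.100000 dc0 @0:18 b 198.51.100.7,4321 -> 63.195.85.27,6000 PR tcp len 20 60 -S IN",
    "09:38:05.500000 dc0 @0:35 b 198.51.100.9,40000 -> 63.195.85.27,7869 PR tcp len 20 40 -A IN",
    "09:38:07.000000 dc0 @0:35 b 198.51.100.3,1025 -> 63.195.85.27,137 PR udp len 20 78 IN",
    "09:38:09.000000 dc0 @0:24 p 198.51.100.11,5000 -> 63.195.85.27,25 PR tcp len 20 60 -S IN",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        ev = parse_ipmon(raw)
        label = classify(ev) if ev else "unparsed"
        print(f"{label:22s} rule @{ev.rule if ev else '?'}: {raw}")
        if label in HINTS:
            print(f"{'':22s} -> {HINTS[label]}")
    print(triage(SAMPLE_LOG))
```

Feed it the ipmon output (`python3 triage.py < /var/log/ipmon.log` after swapping `SAMPLE_LOG` for `sys.stdin`) and the `reply-without-state` bucket isolates the symptom in the post from ordinary inbound-SYN noise; the hint for that bucket is where to look next, not a statement of the cause.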