[ IPCOP ] slow smtp flow from GREEN to ORANGE

[ IPCOP ] slow smtp flow from GREEN to ORANGE
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
[ IPCOP ] slow smtp flow from GREEN to ORANGE Cdelamarre 04-07-2005
Posted by Cdelamarre on April 7, 2005, 12:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,
I just installed a smtp server in the DMZ.
I note a strong deceleration from the green zone to this mail server
Whereas connections from the orange zone or red to this same mail
server still unchanged.

Below screens resulting from a tcpdump on port 25 on this smtp server.

What is strange it is that the contents of the screens are degraded
when request s from local area network

Somebody would have it an idea???

GREEN--> ORANGE:smtp

15:08:36.768550 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: S 1350154359:1350154359(0) win 64240 <mss
1460,nop,nop,sackOK> (DF)
15:08:36.768684 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: S 2300610086:2300610086(0) ack 1350154360 win
30660 <mss 1460,nop,nop,sackOK> (DF)
15:08:36.769635 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 64240 (DF)
15:09:06.786066 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: P 1:61(60) ack 1 win 32120 (DF)
15:09:06.921451 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 64180 (DF)
15:09:08.943370 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: P 1:2(1) ack 61 win 64180 (DF)
15:09:08.943419 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: . 61:61(0) ack 2 win 32119 (DF)
15:09:09.060289 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: P 2:3(1) ack 61 win 64180 (DF)
15:09:09.080316 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: . 61:61(0) ack 3 win 32120 (DF)
15:09:09.124295 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: P 3:4(1) ack 61 win 64180 (DF)
15:09:09.140317 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: . 61:61(0) ack 4 win 32120 (DF)
15:09:09.469670 eth0 < ipcop.eth.local.3489 >
mail.mondomaine.com.smtp: P 4:5(1) ack 61 win 64180 (DF)
15:09:09.480281 eth0 > mail.mondomaine.com.smtp >
ipcop.eth.local.3489: . 61:61(0) ack 5 win 32120 (DF)


ORANGE --> ORANGE:smtp

15:10:58.251968 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: S 2461426799:2461426799(0) win 32120 <mss
1460,sackOK,timestamp 101518737 0,nop,wscale 0> (DF)
15:10:58.252079 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: S 2460965940:2460965940(0) ack 2461426800
win 30660 <mss 1460,sackOK,timestamp 8409823 101518737,nop,wscale 0>
(DF)
15:10:58.252354 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 32120 <nop,nop,timestamp
101518737 8409823> (DF)
15:10:58.272280 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: P 1:61(60) ack 1 win 31856
<nop,nop,timestamp 8409825 101518737> (DF)
15:10:58.272588 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 32120 <nop,nop,timestamp
101518739 8409825> (DF)
15:11:00.872566 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: P 1:7(6) ack 61 win 32120 <nop,nop,timestamp
101518999 8409825> (DF)
15:11:00.872625 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: . 61:61(0) ack 7 win 31856
<nop,nop,timestamp 8410085 101518999> (DF)
15:11:00.873917 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: P 61:102(41) ack 7 win 31856
<nop,nop,timestamp 8410085 101518999> (DF)
15:11:00.874641 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: F 102:102(0) ack 7 win 31856
<nop,nop,timestamp 8410085 101518999> (DF)
15:11:00.874887 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: . 7:7(0) ack 103 win 32120
<nop,nop,timestamp 101518999 8410085> (DF)
15:11:00.874966 eth0 < home.mondomaine.dmz.2923 >
mail.mondomaine.com.smtp: F 7:7(0) ack 103 win 32120
<nop,nop,timestamp 101518999 8410085> (DF)
15:11:00.875004 eth0 > mail.mondomaine.com.smtp >
home.mondomaine.dmz.2923: . 103:103(0) ack 8 win 31856
<nop,nop,timestamp 8410085 101518999> (DF)


RED--> ORANGE:smtp

15:11:44.447604 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: S 1987603866:1987603866(0) win 5840 <mss
1460,sackOK,timestamp 234701815 0,nop,wscale 0> (DF)
15:11:44.447782 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: S 2502523816:2502523816(0) ack 1987603867
win 30660 <mss 1460,sackOK,timestamp 8414442 234701815,nop,wscale 0>
(DF)
15:11:44.508110 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: . 1:1(0) ack 1 win 5840 <nop,nop,timestamp
234701821 8414442> (DF)
15:11:44.645754 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: P 1:61(60) ack 1 win 31856
<nop,nop,timestamp 8414462 234701821> (DF)
15:11:44.704616 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: . 1:1(0) ack 61 win 5840 <nop,nop,timestamp
234701841 8414462> (DF)
15:11:46.745117 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: P 1:7(6) ack 61 win 5840 <nop,nop,timestamp
234702044 8414462> (DF)
15:11:46.745180 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: . 61:61(0) ack 7 win 31856
<nop,nop,timestamp 8414672 234702044> (DF)
15:11:46.746726 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: P 61:102(41) ack 7 win 31856
<nop,nop,timestamp 8414672 234702044> (DF)
15:11:46.747424 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: F 102:102(0) ack 7 win 31856
<nop,nop,timestamp 8414672 234702044> (DF)
15:11:46.809310 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: . 7:7(0) ack 102 win 5840 <nop,nop,timestamp
234702051 8414672> (DF)
15:11:46.812478 eth0 < monserveurdistant.com.4560 >
mail.mondomaine.com.smtp: F 7:7(0) ack 103 win 5840 <nop,nop,timestamp
234702051 8414672> (DF)
15:11:46.812533 eth0 > mail.mondomaine.com.smtp >
monserveurdistant.com.4560: . 103:103(0) ack 8 win 31856
<nop,nop,timestamp 8414679 234702051> (DF)


Posted by Moe Trin on April 7, 2005, 3:14 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>I just installed a smtp server in the DMZ.
>I note a strong deceleration from the green zone to this mail server
>Whereas connections from the orange zone or red to this same mail
>server still unchanged.
>
>Below screens resulting from a tcpdump on port 25 on this smtp server.

Ahhh, but what happens if you watch all ports on the server, UDP as well
as TCP?

>What is strange it is that the contents of the screens are degraded
>when request s from local area network
>
>Somebody would have it an idea???

Perhaps.

>GREEN--> ORANGE:smtp
>
>15:08:36.768550 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: S
>15:08:36.768684 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: S
>15:08:36.769635 eth0 < ipcop.eth.local.3489 > mail.mondomaine.com.smtp: .

Three way handshake - set up the TCP connection.

>15:09:06.786066 eth0 > mail.mondomaine.com.smtp > ipcop.eth.local.3489: P

a packet that probably contains the SMTP greeting. But if you compare
the same packets on the 'ORANGE --> ORANGE:smtp' or 'RED--> ORANGE:smtp'
exchange, the delay between the handshake and the probable SMTP greeting
is very small. This is a very common problem when the DNS is not
configured properly. The SMTP daemon asks the DNS servers, "what is the
name of the host 123.45.67.89 that is connecting to me?" but the DNS server
is not responding with an answer. The SMTP daemon waits.... and waits...
and finally gives up, and returns the greeting message.

The solution is to ensure that the SMTP server can determine the full name
of any host that connects to it. This means the rDNS (IN-ADDR.ARPA domain)
tables must be complete, OR that the 'hosts file' (/etc/hosts or the
windoze equivalent) on the server has _full_ names of all internal hosts.

Old guy


Similar ThreadsPosted
Intercepting data flow between 2 applications by using a firewall February 22, 2005, 1:33 pm
Scientific solved IT Security by The Green Cross September 6, 2008, 7:21 am
ZA causes very slow boot November 11, 2004, 5:43 am
slow access with China April 29, 2008, 12:36 am
internet speed browsing slow February 9, 2005, 4:33 am
Does IPS in sonicwall slow download speed down? February 16, 2005, 10:26 pm
Shared printer very slow with Windows Firewall March 11, 2005, 7:42 am
SMTP Fixup -- On or Off??? March 31, 2005, 3:58 am
PIX / SMTP question - Help? January 5, 2006, 10:00 am
Firewall and SMTP May 17, 2007, 3:00 am

The site map in XML format XML site map

Contact Us | Privacy Policy