Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Mail Server / Firewall Problem

To: [email protected]
Subject: [FW-1] Mail Server / Firewall Problem
From: Marlo Montanaro <[email protected]>
Date: Thu, 25 Apr 2002 14:56:07 -0400
Importance: Normal
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

I'm having some glitches that just started showing up in communications with
my mail server.  The mail server is a FreeBSD box running SendMail sitting
outside our firewall on the live Internet LAN.  Our users do POP3/SMTP and
HTTP proxy via this box.  (I know, bad design from the old days- the HTTP
proxy is being eliminated and the new mail server will be in a DMZ.)

Anyway, of course our users hit this box through FW-1 which is V4.1/sp5
running on a Nokia IP440 with IPSO 3.4.1 plus the Nokia Flows patch.

Everything has been running fine for months.  Around 10 am this morning, I
started noticing the following error in my mail server messages file:

Apr 25 12:05:43 p1 popper[2166]: I/O Error from  at a.b.c.203
(g2.mycompany.com): [-1] 60 (Operation timed out); 0 (Undefined error: 0)

... is one example.  Our firewall is the live a.b.c.203 address, which has
our network in a hide-NAT config behind it.

Corresponding to this message, I've noticed that the firewall has started to
intermittently drop POP-3, SMTP, and HTTP packets whose destination is this
mail server/proxy.  The firewall log indicates "unknown established TCP
packet" on all the drops.

Then it will clear up for awhile...

I'm perfectly willing to reboot both the mail server and firewall in hopes
it will clear things up, but I'd like to understand what is happening first,
if possible.  Is it possible the state table in the firewall is fargled?
Extended pings will occasionally show a dropped packet or a high ping time,
but that is inconclusive to me.  The interfaces on both the firewall and
mail server show no send/receive errors.

Any insights or thoughts on direction appreciated!

Thanks,
Marlo Montanaro

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Mail Server / Firewall Problem
  - From: Bill Osterman <[email protected]>

Prev by Date: Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
Next by Date: Re: [FW-1] Login process priority after installing SR client (Novell)
Previous by thread: Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
Next by thread: Re: [FW-1] Mail Server / Firewall Problem
Index(es):
- Date
- Thread