Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Pipeline 130 w/ Firewall
On 20 Oct 98, at 15:49, Chris Lehr wrote:
> Hey all..
>
> If this is a newbie question, flame away :P
>
> How do I check versions of the firewall/router and the big bad question:
>
> Here is my network:
>
> Internet, connected to the Router (ascend 130 -- 206.24.45.1) via a
> CSU/DSU for MUXing, to a 100MB hub with 3 machines on it, 1 web server,
> one Msproxy, one raptor firewall. The latter 2 are multihomed, and
> attached to the REAL internal network with is 10.*.*.*
>
> Now.. here is the problem. My Exchange box (10.0.0.5) has been having
> issues ever since we installed the Ascend firewall. It sends using IMC
> just fine to some sites, and not at all to others. Does anyone know if
> some mail servers double check to see if the mail server on the net
> exists first? Basically, the Exchange Server reroutes throught the IMC
> using mail.tcginc.com (206.24.45.56) -- now if some mail servers double
> check (or try to) by using ping or traceroute to that IP or name, they
> get nada, nothing, etc.
OK, the remote end is probably not trying to ping or traceroute, but
more than likely is trying to get an ident from your mail server.
Ident checking is enabled by default on Sendmail, so what you
may find is that the only sites which you are having problems with
are mainly ones which are running Sendmail.
Some admins prefer to switch ident checking off, or reduce the
timeouts.
The ident request is hitting the firewall and getting sent to the bit
bucket, so the remote end just keeps retrying.
What you can do is allow identd requests (TCP port 113) through
the firewall, for the NT server. As soon as it hits the NT server,
which isn't running an Identd, an ICMP port unreachable is sent
back to the remote end, the Sendmail gives up on waiting for an
Ident, and accepts the message - or at least thats what should
happen!
Give it a go and see what you get.
Mike
--
Mike Hughes - Network Services mike@dircon.net
Tel: 0181 297 0300 http://www.dircon.net/
Fax: 0181 463 9820
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: