From owner-freebsd-questions Sun Sep 3 15:39:27 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id CBA8437B423 for ; Sun, 3 Sep 2000 15:39:25 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sun, 3 Sep 2000 15:38:16 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id PAA61308; Sun, 3 Sep 2000 15:39:17 -0700 (PDT) (envelope-from cjc) Date: Sun, 3 Sep 2000 15:39:17 -0700 From: "Crist J . Clark" To: Gabriel Ambuehl Cc: questions@FreeBSD.ORG Subject: Re: Strange behaviour of IPFilter... Message-ID: <20000903153917.N62475@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <8688272028.20000903121705@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <8688272028.20000903121705@buz.ch>; from gabriel_ambuehl@buz.ch on Sun, Sep 03, 2000 at 12:17:05PM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Sep 03, 2000 at 12:17:05PM +0200, Gabriel Ambuehl wrote: > Hello > I successfully got IPF and IPNat working for most services (prior to > this, I used ipfw/natd). However, outgoing SMTP to *some* hosts is fucking slow > (if I disable IPFilter, they work as they usually do), it seems to > happen on the firewall as well as on the boxes behind it which use it > as NAT gateway. Watch for incoming 'auth' connections from these servers. The SMTP might not be completing until the ident attempt times out. If this is unacceptable, you can have the firewall do a "dummy" response to all idents or have the firewall reject the attempts. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message