Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 03 Apr 2003 10:39:43 -0500 (EST)
From:      Marco Radzinschi <marco@radzinschi.com>
To:        "Nevins, Peter " <pnevins@LittonLS.com>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   Re: IPFILTER Question
Message-ID:  <20030403103349.X83165-100000@radzinschi.com>
In-Reply-To: <10DD0557A6ACAB4F993E055A0393ED562BAA77@MAIL1.littonls.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Apr 2003, Nevins, Peter  wrote:

> Hello. I'm a firewall admin and have run into a question regarding your OS.
> A client is running IPFILTER and cannot send mail to us here. We're running
> a Raptor Firewall for NT (yes, NT). He sends a SYN and my system responds
> with an ACK that is more on the lines of 1 million in length over the
> expected 1024. His system drops the incoming packet from me thus no email
> transfer. Having no working knowledge of IPFILTER, I don't know if it's on
> my end or his. Do you have any previous problems noted where Raptor
> Firewalls are the common denominator?
>
> Thanks for any assistance you can provide in this. I have a TCPDUMP if you
> would like to see it or know of anyone who could help.
>
> Pete

We had the same problem.  That Raptor Firewall SMTP proxy has some sort of
spoofing protection which causes this.

You can get around it by adding the following rule to IPFilter. Place this
before any pass rules, and it should work.

block return-rst in on xl0 proto tcp from any to any

Marco Radzinschi
marco@radzinschi.com

"Among those who dislike oppression are
many who like to oppress." - Napoleon Bonaparte



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030403103349.X83165-100000>