Date: Sun, 29 Nov 1998 09:57:43 +1100 (EST)
From: "Daniel O'Callaghan"
To: Kitt Diebold
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Sendmail

On Fri, 27 Nov 1998, Kitt Diebold wrote:

> I'm running Sendmail 8.9.1 and it is REALLY slow opening SMTP sessions from
> machines that are behind a NAT. (The NAT's WAN interface has a real IP
> address, but the machines on the LAN side are using the 192.168.0.x
> addresses).

Add to your nat machine the following ipfw rule.

    add 10 reset tcp from any to any 113 in recv ${external_interface}

Sendmail attempts to do an IDENT lookup on the sending machine, by
connecting to port 113. If the SYN packets to the sender's port 113 are
dropped silently, sendmail can sit waiting for 20 seconds or so. If you
send a RSET packet back immediately, the mail will start to flow.

Hence, 'deny' is not the right keyword to use. 'unreach' will work for
some Unixes, but not for FreeBSD senders, as FreeBSD does not seem to
believe an ICMP_XXX_UNREACHABLE packet when opening a TCP connection.
'reset' works for every sending OS.

Danny