Subject: Re: path MTU discovery issue
From: Tim Harrison (harrisontimharrison.com)
Date: Wed Sep 06 2000 - 16:21:40 CDT


"Greg A. Woods" wrote:

> If you're letting all traffic through from the Internet to your mail
> host then it's unlikely a problem on your end, at least not with
> *sending* e-mail.

It was the damned firewall. Once the machine was put outside of the
firewall (as in, behind the routers, before the firewall), it worked.
It was firewall misconfiguration. Fortunately, I don't take the blame
for the firewall. ;)
 
> That is of course if it really is doing as you tell it to do. Sniffing
> the traffic on both sides is probably still a good test to try.
>
> Unless your gateway itself is what has the lower MTU (as is the case for
> my network and at least some of the clients I support who use DSL over
> VLANs over ATM) though I'd guess the problem's not at your end since
> you're neither generating fragments nor presumably blocking the ICMP
> necessary to avoid causing other people to fragment your traffic (at
> least you're not likely blocking such ICMP any more).
>
> Mind you if you're speaking of the same server having problems sending
> as appears in your postings (i.e. [216.94.86.34]) then you're apparently
> not letting "all traffic into the mail server through the firewall". I
> can neither ping that host, nor connect to its SMTP port, nor
> traceroute to it. Is that firewall actually a NAT, PAT, or ALG? If so
> then you really should reconsider trying to run any kind of server
> behind it!

That's the IP that my mail server at home saw me coming from. I was
using my home account to send mail. Now I'm home, it should look pretty
normal. .34 is the gateway of the office internal LAN (10.20.30.x).

Thanks for your help, Greg, and thanks to everyone who responded.
Damned firewalls. Ugh.

-- 

Tim. Geek. harrisontimharrison.com EOF