Re: problem in smtp server

From: Leo (bjl_at_freemail.it)
Date: 11/17/05


Date: Thu, 17 Nov 2005 14:09:13 +0100


Thank you very much, now my ftp is working, and even the smtp seems to
work fine...

> The "reset" option instructs IPFW to return a TCP RST packet to
> an incoming request on the port (ident), rather than just
> dropping it. This is effectively necessary (unless you want to
> run an ident server, which I'd be pretty certain you don't!) as
> some mail servers do an ident lookup on the user account on the
> (to them) foreign SMTP server when receiving mail from it. If
> the request is dropped, the connection'll likely time out
> (hence, I'd wager, the protocol timeout messages in your
> maillog, mentioned earlier), whereas if the connection is
> rejected, the querying mail server generally just accepts that
> it can't do the look up and carries on as normal.
>
> (Sorry, that spiel is a tad confusing!)
>
> RE: The FTP server. I'd hazard a guess that it's now not
> working because you're serving active FTP requests (rather than
> passive FTP requests) and you've now removed the former rule
> 00240. If you were to replace the line for rule 00402 with
> something like the following and ensured that you are serving
> only passive FTP requests, I think you'd be right:
>     $cmd 00402 allow tcp from any to me 20,21,1024-65535 in via $pif setup keep-state
>
> NOTE: I think by default ftpd on FreeBSD is configured to offer
> only ports way above 1024 for passive data connections, but I'm
> not sure. As *** Hoogendijk pointed out in another message in
> this thread, it's configurable on the server.
>
> Have fun, hope I haven't totally confused you!
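
A check for the behaviour the quoted reply describes, as an added example that is not part of the original thread: it connects to the ident port the way a receiving mail server would and reports whether the firewall answered with a RST or silently discarded the SYN. The function name, verdict strings and default timeout are assumptions chosen for illustration, and the probe is IPv4 only.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # ident/auth service, the port the quoted reply discusses


def probe_tcp(host, port=IDENT_PORT, timeout=5.0):
    """Classify how `host` answers a TCP connect on `port`.

    Returns (verdict, seconds_elapsed) where verdict is one of:
      "reset"   - refused at once: a RST came back (closed port or ipfw "reset")
      "open"    - the handshake completed: a service is listening
      "dropped" - nothing came back within `timeout`: the SYN was discarded
      "error:X" - any other socket error, X being the errno name
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "reset"
    except socket.timeout:
        # This is the case that stalls a remote MTA's ident lookup.
        verdict = "dropped"
    except OSError as exc:
        verdict = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe_ident.py <your-mail-server> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else IDENT_PORT
    verdict, elapsed = probe_tcp(target, port)
    print(f"{target}:{port} -> {verdict} after {elapsed:.2f}s")
```

Run it from a host outside the firewall: "dropped" on port 113 matches the timeout symptom described above, while "reset" is the result the IPFW "reset" action should give.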