imap problem with blackhole
Nikos Vassiliadis
nvass at teledomenet.gr
Tue Feb 28 03:27:16 PST 2006
On Sunday 26 February 2006 14:26, Perttu Laine wrote:
> Hello!
>
> I have problem with imap. Works fine if blackhole (tcp) is set to 0, but I
> set it 1 or 2 imap stops responding (timeouts). Dovecot imap and freebsd
> 5.4. So. What could be case here?
I suspect that it's trying to do something to localhost and doesn't get a
reply back. Many programs behave like that, in my case kmail. It was
trying to use rpc, other programs try to use ident. So, first find out what
it's trying to do, use netstat -nafinet and you'll see some some TCP sockets
in SYN_SENT state, for example:
nik:0:~$ telnet 127.1 &
[1] 75027
nik:1:~$ Trying 127.0.0.1...
netstat -nafinet
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 127.0.0.1.56239 127.0.0.1.23 SYN_SENT
[...]
telnet will time out eventually. The kernel never sends a TCP reset
there 'cause tcp.blackhole=1
step 2, use your favorite firewall to return an active reply(TCP reset),
in my case:
root:0:~# pfctl -srules
No ALTQ support in kernel
ALTQ related functions disabled
block return in inet proto tcp from 127.0.0.1 to 127.0.0.1 port = sunrpc
block return in inet proto udp from 127.0.0.1 to 127.0.0.1 port = sunrpc
block drop in log inet proto tcp from any to any port 6000:6010 flags S/SA
root:0:~#
perhaps in a more complex situation(UDP) you should use a packet filter
to log everything that goes through the loopback interface. Are you using
TCP AND UDP blackhole?
HTH, Nikos
>
> --
> kpn @ IRCnet
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list