You are correct that this was not a update, but an upgrade to version 7
code if I remember correctly, that caused the outbound fixup to be
enabled? Again, I am lucky that I don't have to deal with Cisco, as I
work with a talented network people that does all of that...
I mention fixup as possible cause of admsrv not working on the WAN side
of the firewall because it does a lot more than just SMTP, and why
admsrv works OK on the LAN side.
_____________________
Rusty Waybrant
rwaybrant (at mark) gramtel.net
-----Original Message-----
From: Paul Aviles [mailto:paul.aviles (at mark) nickelnetworks.com]
Sent: Thursday, December 14, 2006 1:17 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:08191] Re: TCP Checksum Invalid
Rusty, the issue you are describing is called Mailguard on the Cisco
Pix's using a fixup command. With this option, the pix returns a a bunch
of zeros instead of the version of the mail daemon you are using for the
initial smtp connection. Try telnet on port 25 to any local smtp server
and you will see what you get.
To turn it off on the pix you will need to type in console/terminal more
"no fixup protocol smtp" and do a "wr mem" to update the pix. An update
of the software on the pix will NOT cause this as requires manual
intervention to get enabled.
See here for more information.
http://support.microsoft.com/kb/295725
Regards,
Paul Aviles
Nickel Networks
-----Original Message-----
From: Rusty Waybrant [mailto:RWaybrant (at mark) gramtel.net]
Sent: Thursday, December 14, 2006 12:28 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:08190] Re: TCP Checksum Invalid
If it works on the LAN but it is not working through the firewall,
possibly the firewall?
I am not big on all network/cisco stuff, and my experience on this was
not related to BQ/Nuonce, but I had to request that the PIX 'fixup' be
turned off for outbound sessions. I think this is what it is called? It
is where the PIX will read into sessions to mask the identity of all
services, like "220 ESMTP Sendmail" being replaced by *** *****
********.
This was for an outbound SMTP issue (Exchange) as all mail was not
sending because of it, but where 'fixup' is still working just fine when
left turned-on for the inbound sessions. I think this was related to a
recent update to the PIX software, so I wish I knew more here... Another
weird thing, it was only Exchange, as I had a sendmail server behind the
same PIX that was sending just fine.
Rusty
________________________________
From: Dave Doherty [mailto:dave (at mark) skywaves.net]
Sent: Wednesday, December 13, 2006 10:04 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:08183] TCP Checksum Invalid
Hello!
I recently installed Nu-CentOS-BQ-4.6.iso on a Dell C521 computer.
On the LAN, it seems to work fine, but outside viewers cannot see it. I
enabled ports 444 and 81 as well as the normal HTTP, HTTPS, DNS, POP,
IMAP, SMTP and FTP through the firewall, which is Cisco PIX506E.
I installed Ethereal on a system on the LAN and accessed the server's
admin interface. Many of the TCP packets from the server showed "TCP
checksum invalid" errors, which I assume is why the packets are not
making it though the firewall.
Is this a known issue with the 4.6 release? Has anyone else experienced
this?
-Dave Doherty
Skywaves, Inc.