Hi all,

I have mail server running behind CentOS firewall. So if user wants to connect mail server he has to go through the firewall. I configured iptalbes as below
seems ok but some times not, is my rule ok or i need anything else, please help me.

thanks in advance.

long delays are typically DNS lookup based. I'd guess that your server is taking your source IP and trying to get a name for it.

if you're using postfix, see here - http://www.postfix.org/postconf.5.ht...eername_lookup although it doesn't look like there's really anything to fix.

Hi,

thanks for reply, i'm using ms exchange 2003. Please help me, how to over come this dns lookup issue.

And what about iptables, is it correct do i need any forward rule, please tell me.


thank you very much.

well that's a windows problem then. Personally I've no idea about M$ specifics, but I'm sure google could help you out in seconds. I'd presume offhand it's just a case of having a functional DNS service for Exchange to query. Some traffic dumps from wireshark on the server would be useful to see if there are unanswered DNS queries being made. I've also no proof that that IS the problem, just a hunch.

Hi,

If your telnet is trying to do a lookup there should be an option to prevent it from doing so, for eg. on mac you can do a telnet with the -N flag to prevent a lookup and see if that is what's causing the time delay.

the -N flag would be for a telnet **server**. He doesn't have a telnet server, he has an MS Exchange server.

Hi all,

As acid_cupid said, it could be dnslookup error, what i did was i port forwarded in iptalbes, i did like now telnet is normal and quick, i guess 25 is universally for smtp which is why trying dnslookup.

my doubt is telnet is ok from CentOS firewall, but why users unable to do quickly through the same CentOS firewall ? any idea, so that i could try sorting out.

Thank you very much.

Perhaps I misunderstood, I gathered from the OP that he was trying to telnet through the firewall to the Exchange server, telneting throught it causes a delay, telneting from the firewall (bypassing IP tables does not).

What I meant was that if the delay is being caused by DNS lookup delays then he should be able to prevent his telnet client from attempting a lookup. I just tested this:

xxx@mac1:~$ telnet 172.19.xx.xx 22
Trying 172.19.99.10...
Connected to <hostname>.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2

telnet> quit
Connection closed.
xxx@mac1:~$ telnet -N 172.19.xx.xx 22
Trying 172.19.xx.xx...
Connected to 172.19.xx.xx.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.2
Connection closed by foreign host.

Now see if the delay is apparent on both tests.

If I've completely missed the point I apologise, our coffee machine is broken...

What command are you using on the firewall box, and what command are you using from outside? Are they both linux machines? What does the routing table look like? different dns servers? are you using the firewall for anything else, and does it work correctly?