[EMAIL PROTECTED] wrote:
> > Does anyone know why connections aren't aborted when ICMP dest
> > unreachables are received while in the SYN_* states? Esp. if they contain
> > the TCP packet which was sent (inc. seq num)
>
> I am afraid nobody knows why... because they are aborted. 8)
Firewalls send them, including Linux.
I noticed that Digital Unix doesn't abort on these either.
So if I have my firewall rules to reject TCP on port 113 (auth/ident),
our Digital Unix smtp server spends a long time retrying with the same
SYN packet.
The net result is that sending mail takes ages, because the remote smtp
server won't accept mail until the connection to my port 113 times out.
To fix this I have to explicitly *allow* port 113 in my firewall rules,
and not run an ident daemon. For any service that I want visible
locally but not remotely, this does not work.
Q: Any chance of changing the firewall to send a TCP RST instead of an ICMP
dest. unreachable?
thanks,
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
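The change Jamie asks for, as an added example that is not part of the original thread: two iptables-restore fragments for the inbound ident (tcp/113) rule, one with the default ICMP reject and one answering with a TCP RST. It assumes iptables with the REJECT target and its --reject-with option; the functions only emit rule text, they do not load it.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the iptables REJECT
# target with --reject-with. Nothing here touches the live ruleset; each
# function prints an iptables-restore fragment for tcp/113 (auth/ident).

# Default REJECT: the SYN is answered with an ICMP port-unreachable. A
# peer whose TCP stack does not abort in SYN_SENT on that ICMP keeps
# retransmitting the same SYN until its connect timer expires, which is
# the mail delay described in the thread.
ident_reject_icmp() {
    cat <<'EOF'
*filter
-A INPUT -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Corrected: answer with a TCP RST. Every TCP implementation treats a RST
# to a SYN as an immediate abort, so the remote MTA gives up on its ident
# lookup at once and proceeds to accept the mail. No ident daemon is
# needed and port 113 stays closed to everyone.
ident_reject_rst() {
    cat <<'EOF'
*filter
-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Check helper: number of rules in a fragment (read from stdin) that use
# the tcp-reset variant, so a fragment can be verified before loading.
count_tcp_reset() {
    grep -c -- '--reject-with tcp-reset' || true
}
```

To apply the corrected fragment without disturbing existing rules, pipe it through `iptables-restore --noflush` as root.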