Peter Bako wrote:
I have a Soekris net4801 box running as a firewall for a friend of mine that
runs a small business (about 5 employees).  The ruleset is quite simple in
that he does not run any internal servers, so I pretty much block all
inbound traffic and allow all traffic back out.  For inbound traffic I have
the scrub command enabled and for outbound traffic (tcp and udp) I have keep
state flag on.
However I've noticed that if more than one or two people are getting email
from their ISP (standard pop3), then the third person to try to get email
will get an error that the server could not be reached.  Until recently they
have not received enough email for the email check and subsequent downloads
to take long, so whenever anyone got this error they would just wait a few
seconds and try again.  However lately they have been getting a larger
volume of email (expected due to an upturn in business), so this problem is
getting much more noticed and annoying.
Anyone have any idea as to the cause and a solution for this? I've thought
it might be that the Soekris box is underpowered, but the processor is
basically a PII/266 with 128M of RAM, which should be enough for such a
small site.

Now, I have not seen your pf.conf, but only using a simple ruleset that you describe, my bet is that it is not the firewall that is causing the problem. Does the ISP/mailserver have restrictions by any chance?

I cannot imagine that the 4801 would have ANY performance problem in the situation you describe, unless it is en/de-crypting stuff that passes through it. Even so, it would just make stuff go slower - not block stuff.

/Alexander
