
Re: Firewall: Thoroughly Confused



On Friday 31 October 2003 20:03, you wrote:
> We could not receive mail from the Hormel (Redhat List) server. We
> were receiving the rest of our mail without a problem.
>
> Our server has three internal IPs on two interfaces; eth0, eth0:1,
> eth1.
>
> The router sent (NAT'd) services to the appropriate IP. Anything that
> wasn't NAT'd was sent to eth0:1 where the packets were logged and
> then rejected by IPTables. This was done exclusively through
> FILTER/INPUT. There were NO - zero - other rules in the firewall.
>
> Now here's the weird part. Packets from Hormel - and ONLY Hormel -
> were mangled. They showed up as UDP instead of TCP and then were
> assigned to an array of ports - none being 25.
>
> As soon as I stopped IPTables, the problem went away which means that
> there is no problem on the router end. Moreover, how could this
> possibly pertain ONLY to the Hormel server.
>
> Does anyone have any ideas?

If you capture your network traffic, try tcpdump on the packet data.
Something like:

tcpdump -n host 66.187.233.30 and not port 25 \
-r packetfile.dump

to see if they arrived at your network in a mess.

Regards,  Mike Klinke



