[Firehol-support] Re: smtp and gre tunnels

Daniel Pittman daniel at rimspace.net
Sat Apr 23 01:48:14 BST 2005

On 23 Apr 2005, Rick Marshall wrote:
> now that i've put firehol in, instead of firestarter, i have a new 
> problem. (although most things work better)
> our servers have several tunnels to remote offices. we used to be able
> to run sendmail over the tunnels to act as the mail server for our users.
> this is particularly important as there is more than one sendmail server
> on the network and they are used as a message switch between servers.
> what we find is that small messages (one packet i think) get through, 
> but longer messages don't. here's the strange bit: if we take the 
> mailserver access outside the tunnels (gre) they work fine. it worked 
> fine when firestarter set up the iptables rules. the smtp exchange works
> ok, it's just the data bit that doesn't.
> our voip works ok, so does the video conference, and so does ssh. it's
> just sendmail....

You have a Path MTU Discovery black hole, caused by the GRE tunnel.

Implement one of the solutions for this very problem, most commonly
found in the context of PPPoE connectivity, and your life will improve.

Change is disruptive -- that's the point!
        -- Karen Bredfeldt
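
The failure diagnosed in this reply, modelled as an added example (not part of the original post or of FireHOL): a TCP sender with DF set, a GRE tunnel with a smaller MTU, and a firewall that may drop ICMP "fragmentation needed". The 1500-byte link MTU, the 24-byte basic GRE-over-IPv4 overhead, and the two fixes shown (letting the ICMP through, or clamping the TCP MSS) are assumptions; the post does not name them.

```python
# Constructed model of a Path MTU Discovery black hole on a GRE tunnel.
# Assumed sizes: IPv4 and TCP headers without options, basic GRE (no key/checksum).
IP_HDR, TCP_HDR = 20, 20
GRE_OVERHEAD = 20 + 4          # outer IPv4 header + GRE header


def tunnel_mtu(link_mtu=1500):
    """Largest inner IP packet that fits in one GRE-encapsulated frame."""
    return link_mtu - GRE_OVERHEAD


def clamp_mss(advertised_mss, path_mtu):
    """What MSS clamping does to the MSS option of a forwarded SYN."""
    return min(advertised_mss, path_mtu - IP_HDR - TCP_HDR)


def send(payload_len, mss, path_mtu, icmp_allowed):
    """Send payload_len bytes of TCP data with DF set.

    Returns (bytes_delivered, stalled). A packet larger than path_mtu is
    dropped by the tunnel endpoint, which answers with ICMP type 3 code 4.
    If the firewall filters that ICMP, the sender never learns the real MTU
    and keeps retransmitting the same oversized segment.
    """
    delivered = 0
    while delivered < payload_len:
        seg = min(mss, payload_len - delivered)
        if seg + IP_HDR + TCP_HDR > path_mtu:
            if not icmp_allowed:
                return delivered, True           # black hole: connection hangs
            mss = path_mtu - IP_HDR - TCP_HDR     # PMTUD shrinks the segment size
            continue
        delivered += seg
    return delivered, False


if __name__ == "__main__":
    mtu = tunnel_mtu()                            # 1476
    lan_mss = 1500 - IP_HDR - TCP_HDR             # 1460, negotiated on the LAN side
    cases = [
        ("SMTP commands, ICMP filtered", 300, lan_mss, False),
        ("message body, ICMP filtered", 20000, lan_mss, False),
        ("message body, ICMP allowed", 20000, lan_mss, True),
        ("message body, MSS clamped", 20000, clamp_mss(lan_mss, mtu), False),
    ]
    for name, size, mss, icmp in cases:
        print(f"{name:32s} mss={mss} -> {send(size, mss, mtu, icmp)}")
```

Interactive traffic such as ssh or the SMTP command exchange rarely fills a full-size segment, which is why only the message body stalls.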

