At 7:03 PM +0000 12/7/04, Tony Finch wrote:
>On Tue, 7 Dec 2004, Dan Shoop wrote:
>>
>> > I expect your peculiar routing is the problem :-)
>>
>> The problem exists before the routing is in place so it can't be
>> the culprit.
>
>I didn't mean the debugging route, I meant in general.
>
>Try running `netstat -an` while running a working telnet connection to the
>destination host and a non-working exim connection, and see if there are
>any differences.

OK I think I've got you now and see my wooly thinking.

First, to answer your question, what netstat -an is showing is that
when exim is trying the sender verification SYN_SENT occurs, but the
connection never gets ESTABLISHED.

Obviously if I add a static route such as:

    route add <remote-host> 10.123.119.1

where 10.123.119.1 is the gateway I want the NI 10.123.119.19 to use,
yielding a routing table

Internet:
Destination        Gateway            Flags Refs      Use  Netif Expire
default            192.168.1.1        UGSc    23       11  en1
10.123.119/24      link#7             UCS      1        0  en5
10.123.119.1       0:40:10:13:98:5e   UHLW     1        0  en5      827
10.123.119.19      127.0.0.1          UHS      0        0  lo0
17.254.13.6        10.123.119.1       UGHS     0        0  en5
127                127.0.0.1          UCS      0        0  lo0
127.0.0.1          127.0.0.1          UH      36  1094698  lo0
169.254            link#5             UCS      0        0  en1
192.168.1          link#5             UCS      4        0  en1
192.168.1.1        0:4:5a:d5:f1:93    UHLW    22      823  en1      333
192.168.1.10       127.0.0.1          UHS      0       35  lo0
192.168.1.20       link#5             UHLW     1        5  en1
192.168.1.59       0:b0:d0:df:80:f9   UHLW     2      301  en1     1193
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb    0        1  en1

then if I telnet out to the remote host's port 25 I get an
ESTABLISHED connection with a command such as

    telnet> open -s 10.123.119.19 17.254.13.6 25

What's baffling here is why if exim also tries with this static route
that it also only gets SYN_SENT but no ESTABLISHED connection. With
the static route to a given host I'd expect it to behave the same way
as the telnet connection.

My "Duh!" moment occurred when there were no static routes. Here if I
tried using the "telnet> open -s 10.123.119.19 17.254.13.6 25"
command w/o the static route I got the same SYN_SENT behavior as I
was seeing with exim. This is I presume the point you were trying to
make. Without any static routes I have a routing table like

Internet:
Destination        Gateway            Flags Refs      Use  Netif Expire
default            192.168.1.1        UGSc    23       11  en1
10.123.119/24      link#7             UCS      1        0  en5
10.123.119.1       0:40:10:13:98:5e   UHLW     0        0  en5      725
10.123.119.19      127.0.0.1          UHS      0        0  lo0
127                127.0.0.1          UCS      0        0  lo0
127.0.0.1          127.0.0.1          UH      18  1094772  lo0
169.254            link#5             UCS      0        0  en1
192.168.1          link#5             UCS      4        0  en1
192.168.1.1        0:4:5a:d5:f1:93    UHLW    22      827  en1      231
192.168.1.10       127.0.0.1          UHS      0       35  lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb    0        1  en1

(for my host with IPs 192.168.1.10 and 10.123.119.19) and given the
above behavior with telnet I realized that obviously while I can
specify the NI to use, the default route no doubt remains the same,
and that default route leads through a network that doesn't permit
port 25 traffic, hence SYN_SENT and nothing ever received and a
timeout. Obviously what you were hinting at was that just specifying
the interface on the right network isn't enough, I need to make sure
it sends through the right network, which is still determined by the
default route alone, regardless of sending IP address.

Of course I'm still baffled as to why with a specific static route
exim failed to get more than the SYN_SENT while telnet could get
ESTABLISHED.

So I guess I now need to figure out some way of doing port level
routing, so that port 25 outbound traffic hits the right network.
I'll see what ipfw might provide here.

Thanks Tony for pointing me towards my wooly thinking.

If anyone has any further pointers, I'd be interested.

--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
shoop@??? http://www.ustsvs.com/
pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B
iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
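
Added example, not part of the original message: a small model of destination-based route selection over the message's routing table (abridged), showing that binding to 10.123.119.19 does not change the outgoing interface while the static host route does. It assumes a plain longest-prefix lookup with no policy routing; the function names are hypothetical.

```python
import ipaddress

# Abridged from the second routing table in the message (no static routes).
BASE_TABLE = """\
default        192.168.1.1   UGSc  23 11 en1
10.123.119/24  link#7        UCS    1  0 en5
10.123.119.19  127.0.0.1     UHS    0  0 lo0
127            127.0.0.1     UCS    0  0 lo0
169.254        link#5        UCS    0  0 en1
192.168.1      link#5        UCS    4  0 en1
192.168.1.10   127.0.0.1     UHS    0 35 lo0
"""
# The one row that `route add` contributes in the first table.
STATIC_ROW = "17.254.13.6    10.123.119.1  UGHS   0  0 en5\n"


def parse_dest(dest, flags):
    """Turn a BSD netstat destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Host routes (H flag) are /32; abbreviated nets imply 8 bits per octet.
        plen = 32 if "H" in flags else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}")


def parse_table(text):
    routes = []
    for line in text.splitlines():
        f = line.split()  # Destination Gateway Flags Refs Use Netif [Expire]
        routes.append((parse_dest(f[0], f[2]), f[1], f[5]))
    return routes


def lookup(routes, dst, src=None):
    """Longest-prefix match on dst; src is accepted but never consulted (assumption)."""
    ip = ipaddress.ip_address(dst)
    _, gw, netif = max((r for r in routes if ip in r[0]), key=lambda r: r[0].prefixlen)
    return gw, netif


if __name__ == "__main__":
    for name, table in (("default only", BASE_TABLE), ("static route", BASE_TABLE + STATIC_ROW)):
        gw, netif = lookup(parse_table(table), "17.254.13.6", src="10.123.119.19")
        print(f"{name}: 17.254.13.6 from 10.123.119.19 -> via {gw} on {netif}")
```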