Kalpesh_48932
Jul 09, 2012

Port forwarding for SMTP

Hello,

I have done port forwarding for SMTP traffic. For this I have configured a VIP on port 25 and the pool members of this VIP on port 2500.

However, when I test I get the two different results below.

1. ON DIRECT NODE :

    $ telnet 10.155.63.126 2500
    Trying 10.155.63.126...
    Connected to A92SV00699JIV (10.155.63.126).
    Escape character is '^]'.
    220 localhost ESMTP SubEthaSMTP
    HELO domain
    250 localhost
    QUIT
    221 Bye
    Connection closed by foreign host.

2. VIA VIP :

    $ telnet 10.155.65.43 25
    Trying 10.155.65.43...
    Connected to uat.my.saint-gobain.com (10.155.65.43).
    Escape character is '^]'.
    -------------- here “220 localhost ESMTP SubEthaSMTP” is missing !!!!!!!!!!!!!!!!!!!
    HELO domain
    220 localhost ESMTP SubEthaSMTP
    250 localhost
    QUIT
    -------------- here no reaction/response from the node

Can anyone please help?
  • 2. VIA VIP :

    $ telnet 10.155.65.43 25
    Trying 10.155.65.43...
    Connected to uat.my.saint-gobain.com (10.155.65.43).
    Escape character is '^]'.
    -------------- here “220 localhost ESMTP SubEthaSMTP” is missing !!!!!!!!!!!!!!!!!!!
    HELO domain
    220 localhost ESMTP SubEthaSMTP
    250 localhost
    QUIT
    -------------- here no reaction/response from the node

    Is 220 not a line below HELO domain??

    This is my testing.

    [root@ve10:Active] config # b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:25
       ip protocol 6
    }

    [root@ve10:Active] config # telnet 172.28.19.79 25
    Trying 172.28.19.79...
    Connected to 172.28.19.79 (172.28.19.79).
    Escape character is '^]'.
    220 mail.f5.com ESMTP
    HELO me
    250 mail.f5.com
    QUIT
    221 mail.f5.com
    Connection closed by foreign host.
    
  • Hi Nitass,

    If you see both outputs you can find the difference in sequence.

    220 should be above HELO domain.

    After the QUIT command, the 221 sequence of aborting is missing.
  • 220 should be above HELO domain.

    Sorry, I might have misunderstood, i.e. I thought you typed HELO too fast.

    e.g.

    [root@ve10:Active] config # telnet 172.28.19.79 25
    Trying 172.28.19.79...
    Connected to 172.28.19.79 (172.28.19.79).
    Escape character is '^]'.
    HELO me
    220 mail.f5.com ESMTP
    250 mail.f5.com

    Anyway, if it is not, is there any special setting in the virtual server configuration?
  • This is the current setting I have on F5.

    [root@STG1F5LDB01:Active] config # b virtual vs_jive_uat_25 list
    virtual vs_jive_uat_25 {
       snat automap
       pool pool_jive_uat_25
       destination 10.155.65.43:smtp
       ip protocol tcp
       profiles {
          http {}
          tcp {}
       }
       vlans INTERCO enable
    }

    [root@STG1F5LDB01:Active] config # b pool pool_jive_uat_25 list
    pool pool_jive_uat_25 {
       members {
          10.155.63.126:rtsserv {
             priority 5
          }
          10.155.63.153:rtsserv {
             priority 1
             session user disabled
          }
       }
    }

  • Why do you use http profile for smtp traffic? Does it really work??
  • I tried removing the HTTP profile.

    [root@STG1F5LDB01:Active] config # b virtual vs_jive_uat_25 list
    virtual vs_jive_uat_25 {
       snat automap
       pool pool_jive_uat_25
       destination 10.155.65.43:smtp
       ip protocol tcp
       vlans INTERCO enable
    }
    [root@STG1F5LDB01:Active] config #

    And after this, when I tested, the connection drops immediately.

    Can you tell me the tcpdump command to display a capture during the test? I want to test the connection on the VIP.

    I tried the below and did not have anything in the capture.

    [root@STG1F5LDB01:Active] config # tcpdump -s0 dst 10.155.65.43 and dst port 25
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

    0 packets captured
    10 packets received by filter
    0 packets dropped by kernel

  • Can you tell me tcpdump command to display capture during test? I want to test connection on VIP.

    Can you try this?

    to screen

    tcpdump -nni 0.0 \(host 10.155.65.43 and port 25\) or \(host 10.155.63.126 or host 10.155.63.153 and port 2500\)

    to file

    tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap \(host 10.155.65.43 and port 25\) or \(host 10.155.63.126 or host 10.155.63.153 and port 2500\)
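
The two telnet sessions in this thread differ in whether the 220 greeting arrives before the client has sent anything. The following is an added example, not code from any poster or from F5, that makes that check repeatable: `probe_banner` connects, waits silently for the greeting, and only then sends HELO to see whether the greeting was being held back. The names `probe_banner` and `constructed_listener` are hypothetical, and the localhost listener is a constructed stand-in for the node and the VIP.

```python
import socket
import threading

def probe_banner(host, port, wait=1.0):
    """Report when the SMTP 220 greeting arrives relative to client data."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)  # send nothing: an SMTP server greets first
            if not data:
                return "closed"  # peer closed the connection straight away
            return "banner-first" if data.startswith(b"220") else "unexpected"
        except ConnectionResetError:
            return "closed"
        except socket.timeout:
            pass  # no greeting within `wait` seconds; speak first and watch
        s.sendall(b"HELO probe.example\r\n")
        try:
            data = s.recv(512)
        except socket.timeout:
            return "silent"
        return "banner-after-client-data" if data.startswith(b"220") else "unexpected"

def constructed_listener(greet_first):
    """Constructed one-connection listener on localhost; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            if not greet_first:
                conn.recv(512)  # hold the greeting until the client speaks
            conn.sendall(b"220 localhost ESMTP constructed\r\n")
            conn.recv(512)  # wait for the client to finish
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for label, greet_first in (("greets first", True), ("waits for client", False)):
        port = constructed_listener(greet_first)
        print(label, "->", probe_banner("127.0.0.1", port, wait=0.5))
```

Pointed at the pool member and then at the virtual server address, a `banner-first` result on one and `banner-after-client-data` on the other reproduces the difference shown in the original post.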