EofException:Timeout
-
I am attaching a text file which describes the firewall rules.
Hope it is understandable in this format.
-
That's a step further on, but we still need a diagram. Knowing what your rules are doesn't help if we don't know where things like your mail server are.
It would also help to get an idea of the number of states in use.
-
I'm not sure how to get the network diagram. I can explain it to you contextually if you need me to answer specific questions. I'm not the best at network topologies but understand the basic LAN/WAN connections.
To begin with, the mail server, terminal servers and LDAP server are all under the same firewall with different rules on specific ports.
I'm not sure how specific my answer should be. You can ask if I don't sound right.
-
I'm creating a network diagram right now!
Will attach in a few minutes. It would be something similar to this.
There is one more router which is configured as the DMZ.
-
This is turning into a game of 20 questions… :(
That diagram is very pretty, but it misses off all the important details. The diagram should include what the interface names are, what the IP addresses are etc. Otherwise just how do you expect us to join up the firewall rules you've provided with the diagram? If in doubt provide details rather than excluding it.
-
Sorry,
It took a lot of time to figure out the network connections.
Should the MTU of the router and the MTU setting of the network interface of the mail server be the same?
Still getting the same timeout error.
-
I still cannot figure out the problem. The ssh connection also aborts after using KeepAliveInterval 30 in sshd_config.
I just want to make sure which category this kind of error belongs to
(SMTP timeout) when Zimbra can attach and send any attachments normally outside the firewall. There should be something to deal with in the firewall, shouldn't there?
I'm not sure on that either. But the firewall log for the rules I gave for the mail server shows the local IP is connected to the mail server on port 25.
Any help???
-
I received a PM from ashrocks asking for help with this problem. I was starting to feel it was too hard (too time consuming) to get the information I was looking for to be able to contribute to this discussion.
Ashrocks, I have other things I can be doing with my time. I'm not paid to contribute to this forum so if you repeatedly fail to provide requested information I'm likely to go off and do other things including spend time on other forum topics where people provide the information requested.
Thanks for your good looking network diagram. It's missing a few things including the IP addresses, interface names (e.g. WAN, LAN, OPT1) and physical interface names (e.g. em0, vr1, rl2 etc) of the pfSense box. Cry Havok asked for at least some of this information. The pfSense default configuration applies different attributes to the interfaces based on their names so we need the interface names. We want the physical interface names because certain families of interfaces have particular problems that MIGHT be relevant to your problem.
While on the network diagram, I have a number of issues with it:
-
please show the proxy server's connection to the network. For which services does this system act as a proxy?
-
Which system is the mail server under discussion?
-
You show a system with public IP address 66.29.44.19 (Postal) which is apparently unprotected by a firewall. Is this correct? If so, why is it unprotected by the firewall?
-
The switch dmz has a public IP address. Should it be a router? If not, why does it have a public IP address?
-
The Aktino router - what does it do? (presumably at least routing, port forwarding and NAT)
-
Please describe the categories LOCAL Users on Patchboards 1 and 2, for example, only desktop PCs and laptops on Patchboard 1, only VOIP phones on Patchboard 2
-
Your report:
@ashrocks:The ssh connection too aborts after using KeepAliveInterval 30 in sshd_config.
is not informative enough to be useful. I'm looking for reports like: "An attempted ssh connection from xxx to yyy reported:", which should be followed by a paste of the ssh command and its response. Your translation of the response from the ssh command doesn't allow us to distinguish between "unknown host", "timeout", "connection refused" etc, each of which is an indicator of a quite different problem from the others. The xxx and yyy should be systems shown on your network diagram (otherwise how will we know its relevance to this particular issue?).
But, the firewall log of the rules i gave for mail server show the local IP is connected to mail server on port 25
When I read this my first response was to ask "Does the log show BLOCK or PASS?" If it shows BLOCK then probably some firewall rule needs to be tweaked, but since this report doesn't show source and destination addresses and doesn't show the firewall action it's impossible to know how relevant this is. When I go back looking through the replies I see the rules are posted at another web site. CryHavok reports that some of that posting is too small to read and I don't see a posting to say that has been fixed. I've already spent a long time on this reply so I'm less inclined to go following the link to the photo album displaying rules which might be too small for me to read. I think I'm doing you a favour by giving my time and experience to work on your problem. The harder it is for me to get the information I think I need to work effectively on your problem, the less likely I am to continue to provide the favour. Please post an extract of the firewall log showing the access attempt to the mail server on port 25.
Personal experience suggests this posting could be taken as a long complaint about you. It's not intended that way. I realise this is a complex field and it's not easy to know what information is important. My remarks have been intended to help you give enough information to help your readers understand the problem in sufficient detail to help you quickly. You have a problem not commonly seen, and you have a network that is a bit more complex than many described in the pfSense forums, so it's likely to take a bit of work to understand what is really happening.
One approach I commonly use in solving computer problems is I attempt to reproduce the problem (commonly on a configuration I construct in my mind, occasionally on a configuration I build out of physical systems). Then I commonly tweak that configuration by changing something I think might be relevant to the problem to see how the behaviour changes. Consider your problem report of ssh connection aborts. I can think of many ways to make an ssh connection abort, including:
-
specify a host name which doesn't have an IP address
-
specify a host name which doesn't have a running SSH server
-
specify a host IP address that is offline
The above are all problems before a connection is established. Perhaps the ssh connection aborted after the password prompt was displayed. Perhaps it aborted during login and before the shell prompt. But if you had provided the shell command and its error report I could relatively quickly eliminate some (if not most) of these possibilities. With a smaller "problem space" (fewer possibilities to consider) I'm likely to be able to reproduce your problem (including similar error reports and logs etc) more quickly than if I have a larger problem space.
-
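The post above asks for a firewall log extract that shows source, destination and the PASS/BLOCK action for the port 25 attempts, rather than a paraphrase of it. The following script is an added example, not code from any poster in this thread or from pfSense: it pulls exactly those fields out of log lines and prints the one-line summary a reply should contain. The log lines are constructed for the example and are modelled on the tcpdump-style pf log format older pfSense releases wrote to filter.log; the addresses, rule numbers and interface names are made up, and the format itself is an assumption you should check against your own log before relying on the regex.

```python
import re
from collections import Counter

# Constructed sample log lines (not real traffic). The shape follows the
# tcpdump-style pf log lines of older pfSense releases; adjust LINE_RE if
# your filter.log looks different.
SAMPLE_LOG = """\
Jun 12 10:01:02 pf: 000000 rule 57/0(match): pass in on bfe0: 10.10.0.21.49170 > 10.10.0.146.25: S 1234567:1234567(0) win 65535
Jun 12 10:01:02 pf: 000012 rule 3/0(match): block in on rl0: 203.0.113.7.4433 > 66.29.44.19.25: S 99887766:99887766(0) win 5840
Jun 12 10:01:03 pf: 000004 rule 57/0(match): pass in on bfe0: 10.10.0.21.49171 > 10.10.0.146.22: S 2233445:2233445(0) win 65535
Jun 12 10:01:05 pf: 000000 rule 3/0(match): block in on rl0: 198.51.100.9.51000 > 66.29.44.19.25: S 1:1(0) win 5840
Jun 12 10:01:07 pf: 000002 rule 57/0(match): pass in on bfe0: 10.10.0.22.49200 > 10.10.0.146.25: S 5:5(0) win 65535
"""

# rule N/M(match): <action> <direction> on <iface>: <src>.<sport> > <dst>.<dport>:
LINE_RE = re.compile(
    r"rule (?P<rule>\d+/\d+)\(match\): (?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_line(line):
    """Return a dict with rule/action/dir/iface/src/sport/dst/dport, or None if the line is not a pf match line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"] = int(d["sport"])
    d["dport"] = int(d["dport"])
    return d


def extract(log_text, dport=25):
    """Keep only the entries whose destination port is `dport` (SMTP by default)."""
    return [e for e in (parse_line(l) for l in log_text.splitlines()) if e and e["dport"] == dport]


def summarize(events):
    """Count entries per (action, interface, src, dst) so PASS and BLOCK are visible side by side."""
    counts = Counter()
    for e in events:
        counts[(e["action"], e["iface"], e["src"], e["dst"])] += 1
    return counts


def report(log_text, dport=25):
    """Build the one-line-per-flow summary that answers 'does the log show BLOCK or PASS?'."""
    lines = []
    for (action, iface, src, dst), n in sorted(summarize(extract(log_text, dport)).items()):
        lines.append(f"{action.upper():5} on {iface}: {src} -> {dst}:{dport} ({n} entries)")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Feed it the real extract (for example the output of `clog /var/log/filter.log | grep '\.25:'` on the pfSense box) and paste the summary plus the raw matching lines; a PASS entry for the client-to-mail-server flow rules out the firewall rule itself as the cause, while a BLOCK tells you which interface and rule to look at.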
Wallabybob,
First of all, thank you so much for your time and effort in providing assistance voluntarily; I highly value and appreciate it. I didn't mean to bother you by sending a PM but felt you would know about it as you answered a similar problem. But yes, each problem differs and depends on various situations.
And as I introduced myself, I'm a newbie and I have been left to myself to figure out a rather complex network setup on pfSense which does not have proper labelling or any wiki page explaining what the rules and subnets are for. So, I'm taking time to provide as much information about my problem as I can so that I don't confuse myself or others while asking questions.
Ok, I will keep to the point. I have attached a logical network diagram which shows the WAN>LAN>DMZ(OPT1) subnets and the mail server (in question today), and also the interfaces and how the network is set up in my server room. The previous one in the above post is the physical diagram, which was not right I guess, as all the DMZ and LAN switches are inside the firewall. There is no port forwarding on any IPs except a 1:1 WAN mapping. I don't think Aktino is a router, as my ISP said they have a direct connection from the ISP to the Aktino box to the firewall. (I'm not sure what it is for then :( )
We don't have any laptop PCs in LOCAL users; those are thin clients with NIC cards connected to terminal servers, which are again under the LAN subnet. All these local PCs are connected through patch boards. I have checked the firewall logs to see if the IP through which I'm trying to send email with an attachment is blocked, but the status showed that my IP is allowed to pass through to the mail server (Postal) on port 25. That should be true because I'm able to send text-only emails and emails with attachments smaller than 50 kB.
The reason I mentioned the SSH connection was because I felt both the network connection timeout errors, on ssh and the SMTP timeout, are interconnected somehow.
Well, the ssh connection I made was from one of the client PCs on the LAN to the Postal mail server on port 22 using PuTTY. After every 30 sec the connection aborts with an error message which says "Network error: Connection reset by peer" or "Network error: Software caused connection to abort". The mail server interfaces are eth0: public IP and eth1: local IP.
Please let me know if there is anything more i need to provide which might help clearing the confusion.
And once again, thanks everyone for helping out.
![Physical Network Dia.png](/public/imported_attachments/1/Physical Network Dia.png)
Firewallrules.txt
mailerrorattachment.txt
-
Thanks for the updated information. I felt as if I was thrown in the deep end of the swimming pool when I started in networks. The learning curve seemed very steep.
An ongoing frustration I have with the reporting on this issue is that I have to keep asking for the same information. Two examples:
-
I asked for the IP addresses of the pfSense interfaces. I can't see them ALL on your diagram.
-
I asked for the ssh command you have been using to access the mail server.
Because the pfSense box on your diagram didn't have the interface names close to the box it took me a while to see them. It looks to me that WAN is rl0, OPT1 is rl1 and LAN is bfe0. Correct?
Realtek interfaces, especially the early rl interfaces, have a reputation for poor quality. Does your pfSense system log report anything involving rl0 or rl1?
There are two paths from client PCs to the mail server. Do you get different results for your ssh session depending on which path you use? (Try ssh to the mail server LOCAL IP address, ssh 10.10.0.146 and ssh to the mail server "public" IP address, ssh 69.29.44.19). Does either session last more than two minutes after login?
On the mail server, what brand and model of NICs are used? (Post the output of the shell command lspci.) Is there anything in the system log reporting any event on the interfaces? Hopefully you don't have old generation Realteks there.
-
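The thread has twice touched on MTU (the question about matching router and mail server MTU, and the symptom that text-only mail and attachments under 50 kB get through while larger attachments time out). One cheap check that complements the two-path ssh test suggested above is to find the largest packet that crosses each path with the DF bit set. The following script is an added example, not code from anyone in this thread or from pfSense: it implements the binary search a practitioner runs by hand with ping, against a constructed path model so it runs offline, and prints the real ping command lines for each probe size. The path model (a router that silently drops oversize DF packets, or answers with an ICMP "fragmentation needed") and the 1492-byte example MTU are assumptions for the demonstration, not measurements of the network discussed here.

```python
# Path MTU probing by DF (don't-fragment) binary search, with a constructed
# path model so the search can be exercised offline. On a real network the
# send_df callback is replaced by running the ping commands printed below.

ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP echo header
TCP_OVERHEAD = 40    # 20-byte IPv4 header + 20-byte TCP header (no options)


class ModelPath:
    """Constructed model of a path with a hop whose MTU is smaller than the endpoints'.

    notify=True  : the hop answers oversize DF packets with ICMP 'fragmentation needed'
                   (normal PMTU discovery works).
    notify=False : the hop drops them silently, the classic PMTU black hole where
                   small transfers succeed and large ones hang until they time out.
    """

    def __init__(self, path_mtu, notify):
        self.path_mtu = path_mtu
        self.notify = notify

    def send_df(self, total_len):
        if total_len <= self.path_mtu:
            return "reply"
        return "frag-needed" if self.notify else "timeout"


def probe_pmtu(send_df, lo=576, hi=1500):
    """Return (largest DF packet size that gets a reply, black_hole_suspected).

    send_df(total_len) must return 'reply', 'frag-needed' or 'timeout' for an
    IPv4 packet of total_len bytes sent with DF set. lo is assumed to work
    (576 is the IPv4 minimum every host must accept); hi is the usual Ethernet MTU.
    """
    if send_df(lo) != "reply":
        raise RuntimeError(f"even {lo}-byte DF packets fail; not an MTU problem")
    if send_df(hi) == "reply":
        return hi, False
    # Invariant: send_df(lo) replies, send_df(hi) does not.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if send_df(mid) == "reply":
            lo = mid
        else:
            hi = mid
    # A silent drop one byte above the working size is the black-hole signature.
    black_hole = send_df(hi) == "timeout"
    return lo, black_hole


def ping_command(total_len, target, os_name="linux"):
    """Real ping invocation for a DF probe of total_len bytes on the named OS."""
    payload = total_len - ICMP_OVERHEAD
    if os_name == "linux":
        return f"ping -c 3 -M do -s {payload} {target}"
    if os_name == "freebsd":          # pfSense shell
        return f"ping -c 3 -D -s {payload} {target}"
    if os_name == "windows":
        return f"ping -n 3 -f -l {payload} {target}"
    raise ValueError(os_name)


def tcp_mss_for(path_mtu):
    """MSS to clamp to if the discovered path MTU is below the interface MTU."""
    return path_mtu - TCP_OVERHEAD


if __name__ == "__main__":
    # Hypothetical addresses taken from the thread's diagram discussion.
    for label, path in (("clean 1500", ModelPath(1500, True)),
                        ("PPPoE-style 1492, ICMP allowed", ModelPath(1492, True)),
                        ("1492 black hole", ModelPath(1492, False))):
        mtu, hole = probe_pmtu(path.send_df)
        print(f"{label}: path MTU {mtu}, black hole suspected: {hole}, clamp MSS to {tcp_mss_for(mtu)}")
    print("probe commands for a 1500-byte DF packet:")
    print(" ", ping_command(1500, "10.10.0.146", "linux"))
    print(" ", ping_command(1500, "10.10.0.146", "freebsd"))
```

Run the printed commands from a LAN client against the mail server's local address and then its public address, as the two-path ssh test does. If a 1500-byte DF probe to one path times out while a smaller one replies, and no "frag needed" message comes back, the path has a black hole somewhere, which would also explain an ssh session that dies once a larger screen of output is sent; lowering the MTU or clamping MSS on the affected interface is then the thing to try, and the MTU question from earlier in the thread is answered by whatever the probe reports rather than by matching numbers on paper.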