Index: [Article Count Order] [Thread]

Date:  Thu, 14 Dec 2006 13:16:47 -0500
From:  "Paul Aviles" <paul.aviles (at mark)>
Subject:  [coba-e:08191] Re: TCP Checksum Invalid
To:  <coba-e (at mark)>
Message-Id:  <200612141816.kBEIGnBZ026555 (at mark)>
In-Reply-To:  <7853B509BA765D40B8DACAEA2F64B2A43E7EF8 (at mark)>
X-Mail-Count: 08191

Rusty, the issue you are describing is called Mailguard on the Cisco Pix's
using a fixup command. With this option, the pix returns a a bunch of zeros
instead of the version of the mail daemon you are using for the initial smtp
connection. Try telnet on port 25 to any local smtp server and you will see
what you get.

To turn it off on the pix you will need to type in console/terminal more "no
fixup protocol smtp" and do a "wr mem" to update the pix. An update of the
software on the pix will NOT cause this as requires manual intervention to
get enabled.

See here for more information.


Paul Aviles
Nickel Networks

-----Original Message-----
From: Rusty Waybrant [mailto:RWaybrant (at mark)] 
Sent: Thursday, December 14, 2006 12:28 PM
To: coba-e (at mark)
Subject: [coba-e:08190] Re: TCP Checksum Invalid

If it works on the LAN but it is not working through the firewall, possibly
the firewall? 

I am not big on all network/cisco stuff, and my experience on this was not
related to BQ/Nuonce, but I had to request that the PIX 'fixup' be turned
off for outbound sessions. I think this is what it is called? It is where
the PIX will read into sessions to mask the identity of all services, like
"220 ESMTP Sendmail" being replaced by *** ***** ********. 

This was for an outbound SMTP issue (Exchange) as all mail was not sending
because of it, but where 'fixup' is still working just fine when left
turned-on for the inbound sessions. I think this was related to a recent
update to the PIX software, so I wish I knew more here... Another weird
thing, it was only Exchange, as I had a sendmail server behind the same PIX
that was sending just fine. 



From: Dave Doherty [mailto:dave (at mark)]
Sent: Wednesday, December 13, 2006 10:04 PM
To: coba-e (at mark)
Subject: [coba-e:08183] TCP Checksum Invalid

I recently installed Nu-CentOS-BQ-4.6.iso on a Dell C521 computer. 
On the LAN, it seems to work fine, but outside viewers cannot see it. I
enabled ports 444 and 81 as well as the normal HTTP, HTTPS, DNS, POP,
IMAP, SMTP and FTP through the firewall, which is Cisco PIX506E.
I installed Ethereal on a system on the LAN and accessed the server's
admin interface. Many of the TCP packets from the server showed "TCP
checksum invalid" errors, which I assume is why the packets are not
making it though the firewall.
Is this a known issue with the 4.6 release? Has anyone else experienced
-Dave Doherty
 Skywaves, Inc.