I was hoping this would solve a very similar problem that I have. When I
saw the ICMP 113, I was sure that was going to be the problem, but it didn't
fix it, and there are no ICMP packets in the traces.
I am getting extremely slow response with IMAP (port 143) when masquerading.
The symptoms are always the same - the IMAP connection started out running
quickly, and then stops suddenly. The TCP exchanges all appear normal, but
huge delays start occurring until the connection eventually times out. No
matter how long the timeout is set, the connection always breaks (at the
IMAP layer) eventually. But, TCP is always happy.
The same client and server communicate just fine through Windows 2000 NAT.
Everything else seems to work just fine. The client is Outlook 2000, and
the server is Exchange (2000, I think).
Here is another interesting strange thing. I tried setting up a PPTP VPN
connection, which I can do to just fine (I have installed the PPTP masq
patches). The same IMAP timeout occurs over PPTP. But, if I use SSH to
redirect port 143 to a public UNIX box, and from there to the IMAP server,
everything works just fine. So, the connection works tunneled through an
SSH tunnel, but not through a PPTP VPN tunnel between the same client and
I'm sure that there is some kind of strange protocol bug in the Microsoft
client or server.
Any other ideas?
>This could be caused by using a DENY rule on the ident server port
>(113). Some servers try to determine the identity of the user who's
>making a connection. This can make tracking perpetrators of break-in
>attempts and the like easier. The problem is that a DENY rule just drops
>the packet, so the sending system thinks it's been lost. If you change
>that rule to REJECT, or open a hole in your firewall to let it through
>(with or without the identd server running on your system), the problem
>will go away (if I'm right about the cause, of course).
Thank you! This worked. I knew right away when I read this that I was
blocking that port. I changed it to a REJECT which sped it up but the
real speed increase came when I opened it entirely. Are there any
security vulnerabilities that I am exposing myself too with leaving this
Yoda of Borg are we: Futile is resistance. Assimilate you, we will.