Comments on: The Legendary Great Firewall of China

By: Steve’s Thought » 香港的GFW﹗？

Steve’s Thought » 香港的GFW﹗？ — Sun, 24 Sep 2006 16:30:23 +0000

[…] 今次 packet 19 收到 RST packet，真係有啲古怪。但係同其他遇到 GFW 嘅人唔同，可以參考 spacehunt.info，明天再繼續分析。 […]

By: spacehunt

spacehunt — Thu, 17 Aug 2006 16:37:48 +0000

iptables solve the problem if used on both sides.

That’s exactly what we tried. Sure, the connection doesn’t drop, but there’s still the transparent proxy to deal with.

By: well at least

well at least — Thu, 17 Aug 2006 13:46:24 +0000

you are right about the Man-in-the-middle.
Give this a look
http://www.lightbluetouchpaper.org/2006/06/27/ignoring-the-great-firewall-of-china/

iptables solve the problem if used on both sides.

By: Lawrence Sheed

Lawrence Sheed — Wed, 26 Jul 2006 16:47:15 +0000

Ok, I’m seeing this now.

We setup a service on port 26 for clients to send mail through with SMTP AUTH
(port 25 is spam filtered with a bunch of rbl’s now, and we’re seeing plenty collateral damage blocking)

If clients were blocked, we told them change over to port 26. (I would normally tell people use SSL / port 587, but we find that incurs the wrath of connection reset^H^H the firewall in spades, so i don’t even bother)

Problem was that they still couldn’t send mail.

A check on the server showed that everything was coming in ok except for the DATA.
Somewhere along the line the ‘china proxy’ was dropping that.

I did some logging myself as this was replicatable, and lo and behold, I was seeing similar to you - what I was sending was not what I was receiving.

Logging them off / on ADSL solved this for me. Probably something like - new ip address, new session with proxy server.

Makes running mail services here such fun, sigh…

By: “Man-in-the-Middle” is an understatement at spacehunt.info

“Man-in-the-Middle” is an understatement at spacehunt.info — Fri, 09 Jun 2006 10:09:12 +0000

[…] Blog « The Legendary Great Firewall of China […]