[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Sun Jul 16 11:55:32 CEST 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464





------- Additional Comments From holm at theorie.physik.uni-goettingen.de  2006-07-16 11:55 MET -------
(In reply to comment #27)
> Jurgen: you are behind a box which doesn't understand the SACK option.

- My Siemens Gigaset DSL Router with linux 2.4.17 ??
- German telecom ??

> .. 
> - disable TCP window tracking in conntrack in the firewall:
> 
> echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

That's it!

So, this is the bug: no documntations at all in /usr/src/linux/Documentation
This is important, because of the the change in behavior from 2.6.8.1 to new
kernels.

According to
http://lists.netfilter.org/pipermail/netfilter-devel/2005-September/021438.html
you run into the same trouble with e.g. intel's "Premier" service download
servers (Microsoft IIS)

So, ip_conntrack_tcp_be_liberal should default to 1

jh

-- 
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.



More information about the netfilter-buglog mailing list