Connection problems on large high speed connections.
Stian B. Barmen
stian at barmen.nu
Wed Apr 27 15:36:27 CEST 2005
Solved it! :)
Or rather, a friend of mine assisted me and we found the trouble.
In the code I added at the end of INPUT, FORWARD and the redirected DMZ
chain the following:
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
iptables -A DMZ -p tcp -j REJECT --reject-with tcp-reset
I removed the --reject-with tcp-reset on each line and the problem
disappeared.
The strange thing is that this communication should never reach this
rule. When the communication is established it should hit the rule:
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
Should it not? (this rule runs before the -j DMZ and I have another one
for INPUT).
I have no explanation for this behaviour. Will try to log and see what I
can find but for now this is all I know.
Thanks for the replies so far.
Best regards
Stian B. Barmen
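
The logging the message says it will try, as an added example that is not part of the original post: the rules printed below log TCP packets by conntrack state just before a chain's final REJECT, and the awk summary counts what was logged per state and TCP flag set. The TAIL- log prefixes, the function names and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Log prefixes are made up here.

# Print LOG rules for one chain. Put them in the firewall script just before
# that chain's final "-p tcp -j REJECT" line. ESTABLISHED is included to test
# the expectation that established traffic never gets this far.
diag_rules() {
    chain=$1
    for st in INVALID NEW ESTABLISHED; do
        printf 'iptables -A %s -p tcp -m state --state %s -m limit --limit 10/min -j LOG --log-prefix "TAIL-%s-%s "\n' "$chain" "$st" "$chain" "$st"
    done
}

# Read kernel log lines on stdin and count them per log prefix and TCP flags.
summarize_tail_log() {
    awk '
    {
        tag = ""; flags = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^TAIL-/) tag = $i
            else if ($i ~ /^(CWR|ECE|URG|ACK|PSH|RST|SYN|FIN)$/)
                flags = flags (flags == "" ? "" : ",") $i
        }
        if (tag != "") count[tag " " flags]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort
}

# Constructed sample in the netfilter LOG format (documentation addresses).
sample_log() {
    cat <<'EOF'
Apr 27 15:40:01 fw kernel: TAIL-FORWARD-INVALID IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 27 15:40:01 fw kernel: TAIL-FORWARD-INVALID IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 27 15:40:02 fw kernel: TAIL-FORWARD-INVALID IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=612 TOS=0x00 PREC=0x00 TTL=63 ID=4244 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Apr 27 15:40:05 fw kernel: TAIL-FORWARD-NEW IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7001 DF PROTO=TCP SPT=40002 DPT=8081 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Demo: show the rules for FORWARD, then summarize the constructed sample.
diag_rules FORWARD
sample_log | summarize_tail_log
```

The rules are only printed, so they can be reviewed before being pasted into the firewall script; on a live firewall, feed summarize_tail_log from the kernel log instead of sample_log.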