Problem downloading large files from Apache from far

curby . curby.public at
Thu Jul 28 07:04:02 CEST 2005

On 7/26/05, Andrew <andrewna at> wrote:
> But the question is, why are subsequent packets coming from the remote
> machine being identified as INVALID? Will allowing INVALID packets cause
> other problems?

Allowing INVALID is generally unnecessary, and can let certain port
scans through undetected.

> The Linux machine is actually behind another Cisco PIX firewall. Could the
> hardware firewall be translating the packets wrongly? Any ideas?

Can you try with a machine between the firewalls?  That would simulate
a web request but bypass PIX.


Running a tcpdump might also give useful information.
