Firewall Sending Resets (was Troubleshooting Netfilter Firewall (performance issues))

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Sat Nov 5 17:25:23 CET 2005


On Fri, 4 Nov 2005, Harrison, James wrote:

> > netfilter sends RST if it was configured to do so by using the REJECT
> > target.
> >
> > No vanilla netfilter sends RST to client and server, in any setup.
>
> I understand, but the file transfer is initiated, begins, and can and
> will run for a period of time, then out of the blue it fires the RST.

Are you sure the firewall creates the RST segments?

> Why?

Dunno. You should capture the full traffic with tcpdump so that one could
analyze it. Without such proof, nothing much can be said. Also, one would
require the list of netfilter patches (from patch-o-matic or others)
applied on top of kernel 2.4.31 in devil-linux.

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
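
One way to analyze the capture the reply asks for, as an added example that is not part of the original message: it compares the IP TTL of each RST with the TTL the claimed sender normally uses, since a reset generated by a hop in the path usually arrives with a different TTL than the endpoint's own segments. It assumes the text format printed by a modern `tcpdump -nn -v -r <file>` and a capture taken on the client side; the addresses, values and function names are constructed, and the TTL comparison is a heuristic, not proof.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of `tcpdump -nn -v -r <file>` (modern
# tcpdump), as seen on the client 10.0.0.5; all values are made up.
SAMPLE = """\
17:20:01.000100 IP (tos 0x0, ttl 64, id 100, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.0.5.40000 > 192.0.2.10.21: Flags [S], seq 1000, win 5840, length 0
17:20:01.020100 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.21 > 10.0.0.5.40000: Flags [S.], seq 9000, ack 1001, win 5792, length 0
17:20:01.020200 IP (tos 0x0, ttl 64, id 101, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.0.5.40000 > 192.0.2.10.21: Flags [.], ack 1, win 5840, length 0
17:20:01.045000 IP (tos 0x0, ttl 57, id 7001, offset 0, flags [DF], proto TCP (6), length 72)
    192.0.2.10.21 > 10.0.0.5.40000: Flags [P.], seq 1:21, ack 1, win 5792, length 20
17:24:40.500000 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    192.0.2.10.21 > 10.0.0.5.40000: Flags [R], seq 21, win 0, length 0
"""

HDR = re.compile(r"^\S+ IP \(.*?\bttl (\d+),")
SEG = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[([^\]]*)\]")

def parse(text):
    """Yield (src, dst, ttl, flags) per IPv4/TCP packet (header line + segment line)."""
    ttl = None
    for line in text.splitlines():
        h, s = HDR.match(line), SEG.match(line)
        if h:
            ttl = int(h.group(1))
        elif s and ttl is not None:
            yield s.group(1), s.group(2), ttl, s.group(3)
            ttl = None

def suspicious_resets(text):
    """Return (src, dst, rst_ttl, usual_ttl) for RSTs whose TTL is unusual for src."""
    pkts = list(parse(text))
    baseline = defaultdict(Counter)          # src -> TTLs seen on non-RST segments
    for src, _, ttl, flags in pkts:
        if "R" not in flags:
            baseline[src][ttl] += 1
    out = []
    for src, dst, ttl, flags in pkts:
        if "R" in flags and baseline[src]:
            usual = baseline[src].most_common(1)[0][0]
            if ttl != usual:                 # likely generated by a different hop
                out.append((src, dst, ttl, usual))
    return out

if __name__ == "__main__":
    print(suspicious_resets(SAMPLE))
```

A reset that matches the sender's usual TTL points back at the endpoint itself; comparing captures taken on both sides of the firewall narrows it down further.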


