Firewall Sending Resets (was Troubleshooting Netfilter Firewall (performance issues))
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Sat Nov 5 17:25:23 CET 2005
On Fri, 4 Nov 2005, Harrison, James wrote:

> > netfilter sends RST if it was configured to do so by using the REJECT
> > target.
> >
> > No vanilla netfilter sends RST to client and server, in any setup.
>
> I understand, but the file transfer is initiated, begins, and can and
> will run for a period of time, then out of the blue it fires the RST.

Are you sure the firewall creates the RST segments?

> Why?

Dunno. You should capture the full traffic by tcpdump so that one could
analyze it. Without such a proof nothing much can be said. Also, one would
require the list of netfilter patches (from patch-o-matic or others)
applied on top of kernel 2.4.31 in devil-linux.

Best regards,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
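
One way to analyze such a capture, as an added example that is not part of the original message or of netfilter: a Python reader for a file written with `tcpdump -w` that reports RST segments whose IP TTL differs from the TTL normally seen from the same source address, a hint that a device other than the endpoint generated them. The TTL comparison goes beyond what the message suggests and is a heuristic chosen here; the addresses, ports and the sample capture are constructed.

```python
import struct
from collections import Counter, defaultdict

def parse_pcap(data):
    """Yield (src_ip, ttl, is_rst) per IPv4/TCP frame of a little-endian Ethernet pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        frame = data[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 14:
            continue                           # truncated before the TCP flags byte
        src = ".".join(str(b) for b in frame[26:30])
        yield src, frame[22], bool(frame[14 + ihl + 13] & 0x04)

def suspicious_resets(data):
    """Return (src, rst_ttl, usual_ttl) for RSTs whose TTL differs from that source's norm."""
    usual, resets = defaultdict(Counter), []
    for src, ttl, is_rst in parse_pcap(data):
        if is_rst:
            resets.append((src, ttl))
        else:
            usual[src][ttl] += 1               # baseline from non-RST segments only
    return [(src, ttl, usual[src].most_common(1)[0][0])
            for src, ttl in resets
            if usual[src] and ttl != usual[src].most_common(1)[0][0]]

def _frame(src, dst, ttl, flags):
    # Constructed frame: MAC addresses, ports and checksums are dummy values.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, 21, 0, 0, 0x50, flags, 0, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: server data arrives with TTL 57, one 'server' RST with TTL 64."""
    cli, srv = (192, 0, 2, 10), (198, 51, 100, 5)
    frames = [_frame(cli, srv, 64, 0x10), _frame(srv, cli, 57, 0x18),
              _frame(srv, cli, 57, 0x10), _frame(srv, cli, 64, 0x04),
              _frame(cli, srv, 64, 0x04)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for src, ttl, norm in suspicious_resets(sample_pcap()):
        print(f"RST claiming to be from {src}: TTL {ttl}, usual TTL {norm}")
```

A TTL mismatch only indicates where to look; captures taken on both sides of the firewall show directly whether a RST entered it or first appeared behind it.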