[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Sun Jul 16 11:55:32 CEST 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
------- Additional Comments From holm at theorie.physik.uni-goettingen.de 2006-07-16 11:55 MET -------
(In reply to comment #27)
> Jurgen: you are behind a box which doesn't understand the SACK option.
- My Siemens Gigaset DSL Router with linux 2.4.17 ??
- German telecom ??
> ..
> - disable TCP window tracking in conntrack in the firewall:
>
> echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
That's it!
So, this is the bug: no documntations at all in /usr/src/linux/Documentation
This is important, because of the the change in behavior from 2.6.8.1 to new
kernels.
According to
http://lists.netfilter.org/pipermail/netfilter-devel/2005-September/021438.html
you run into the same trouble with e.g. intel's "Premier" service download
servers (Microsoft IIS)
So, ip_conntrack_tcp_be_liberal should default to 1
jh
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the netfilter-buglog
mailing list