Connection problems on large high speed connections.

Stian B. Barmen stian at barmen.nu
Wed Apr 27 08:46:00 CEST 2005


> On Wed, 27.04.2005 at 00.03 -0500, Taylor, Grant wrote:
> > When I flush my iptables script the error is gone. 
> 
> You say that when you flush your iptables script the error goes away?  Are you flushing the firewall completely or just reapplying / rerunning your firewall script?  What are you doing when you flush the script?
> 
> 

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F DMZ
iptables -X DMZ
iptables -F ICMP
iptables -X ICMP
iptables -F SMTPDROP
iptables -X SMTPDROP
iptables -t nat -F POSTROUTING # turn off NAT'ing
iptables -t nat -F PREROUTING # turn off redirect

This is what I do when I run my script with the stop parameter. The reason I
empty each separately is that I have one chain that I don't want to
reload every time (called NORDIC, that is the IP classes of the Nordic
countries). When running these -F and -X the problem goes away.

In short, my firewall script works by masking out all traffic to an x/30
mask that is sent to the DMZ chain. All SMTP (dest. port 25) is filtered
in SMTPDROP, and ICMP in the ICMP chain.

I run the following kernel modules:

modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ipt_ULOG

Best regards
Stian B. Barmen