Connection problems on large high speed connections.

Stian B. Barmen stian at barmen.nu
Wed Apr 27 15:36:27 CEST 2005


Solved it! :)

Or rather, a friend of mine assisted me and we found the trouble. 

In the code I added at the end of INPUT, FORWARD and the redirected DMZ
chain the following:

iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
iptables -A DMZ -p tcp -j REJECT --reject-with tcp-reset


I removed the --reject-with tcp-reset on each line and the problem
disappeared.

The strange thing is that this communication should never reach this
rule. When the communication is established it should hit the rule:

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 

Should it not? (this rule runs before the -j DMZ and I have another one
for INPUT).

I have no explanation for this behaviour. Will try to log and see what I
can find but for now this is all I know. 

Thanks for the replies so far. 

Best regards
Stian B. Barmen
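
Added example, not part of the original post: one way to do the logging mentioned above is to place a rate-limited LOG rule directly in front of each catch-all TCP REJECT, so the kernel log shows the flags and options of whatever reaches it. The function name `gen_log_rules`, the sample ruleset, the log prefix and the rate limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads rules in iptables-save format on stdin. For every "-p tcp -j REJECT"
# rule it prints an iptables command that inserts a LOG rule at that rule's
# position, which puts the LOG immediately before the REJECT.
gen_log_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        pos[chain]++                    # 1-based position of this rule in its chain
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/)
            est[chain] = pos[chain]     # a state ACCEPT exists earlier in this chain
        if ($0 ~ /-p tcp/ && $0 ~ /-j REJECT/) {
            if (!(chain in est))        # may still be handled in the calling chain
                printf "# %s: no ESTABLISHED ACCEPT in this chain before rule %d\n", chain, pos[chain]
            printf "iptables -I %s %d -p tcp -m limit --limit 5/second -j LOG --log-prefix \"pre-REJECT %s: \" --log-tcp-options\n", chain, pos[chain], chain
        }
    }'
}

# Constructed sample ruleset modelled on the rules quoted in the post;
# the "-j DMZ" jump and the port 80 rule are placeholders.
SAMPLE_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DMZ
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
-A DMZ -p tcp -m tcp --dport 80 -j ACCEPT
-A DMZ -p tcp -j REJECT --reject-with tcp-reset'

# Print the generated commands for the sample; nothing is applied to the firewall.
printf '%s\n' "$SAMPLE_RULES" | gen_log_rules
```

On a live firewall the input would come from `iptables-save | gen_log_rules`, and the printed commands are reviewed before being run.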