On 5/25/21 4:36 AM, Marco Gaiarin wrote:
How can i 'debug' this issue? Thanks.
I'd check the output of dmesg to see if you're exhausting the state table. If you are, you'll see all sorts of messages from the kernel. At least I did when I ran into this years ago. Adding memory addressed the problem then.
Short of that low hanging fruit I'd start with packet captures so that you can watch the traffic flow. I occasionally see invalid traffic after the flow should have been closed.
It looks like your client may be sending TCP Reset packets. This could be directly related to how different systems terminate a TCP connection. -- Even if the clients agree, they may be doing something different than the connection tracker helper expects, thus causing a subsequent packet to be considered invalid after a shorter shutdown.
-- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature