Are you explicitly allowing fragments through? When a packet is fragmented, only the first fragment contains the TCP/UDP header. So if you're only permitting based on that header, the fragments won't make it.

Marcel de Boer <marceldb@xxxxxxxx> wrote:
> Hello everybody,
>
> for my home network I have built a Linux-based firewall (based on the
> slackware-built 2.4.21 kernel). The firewall is working fine, except for
> large FTP downloads. After 13.68MB (sometimes a bit more, sometimes a bit
> less, but most of the time 13.68) the connection just hangs. The control
> channel is still active, because I can abort the download and start it
> again, but it never gets beyond 14MB.
>
> I have tried this with multiple servers (ftp.kpn.be and ftp.slackware.no),
> multiple local computers (two Slackware-based, one Debian-based) and
> multiple clients (ncftp and lftp), and the problem returns in all
> situations (even when downloading directly to my firewall machine).
>
> I strongly suspect the firewall, but I can't imagine what I have done
> wrong (especially because a very similar configuration based on the same
> framework at my work does not have this problem).
>
> TIA && Gtnx
> Marcel de Boer
>
> PS. Please also Cc a reply to me, because I am not on the list.
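
The point made in the reply at the top of this message, shown as an added example that is not part of the original thread: a simplified Python model of a port-matching rule applied to IPv4 fragments. The addresses, ports, sizes and the two rule functions are constructed for illustration and are not netfilter code.

```python
import struct

def tcp_segment(sport, dport, data):
    # 20-byte TCP header (ACK flag set, checksum left at 0) followed by data
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0) + data

def ipv4_packet(payload, offset, more_fragments):
    # Minimal 20-byte IPv4 header; the fragment offset is stored in 8-byte units
    flags_frag = (0x2000 if more_fragments else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def fragment(segment, size):
    # Split one TCP segment into IPv4 fragments carrying `size` payload bytes each
    if size % 8:
        raise ValueError("fragment size must be a multiple of 8")
    chunks = [segment[i:i + size] for i in range(0, len(segment), size)]
    return [ipv4_packet(c, i * size, i < len(chunks) - 1) for i, c in enumerate(chunks)]

def l4_ports(packet):
    # Return (sport, dport), or None for a non-first fragment (no TCP header there)
    ihl = (packet[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    if flags_frag & 0x1FFF:  # non-zero offset: payload is mid-segment data
        return None
    return struct.unpack("!HH", packet[ihl:ihl + 4])

def port_only_rule(packet, sport):
    # Hypothetical rule: accept only when the TCP source port matches
    ports = l4_ports(packet)
    return ports is not None and ports[0] == sport

def fragment_aware_rule(packet, sport):
    # Hypothetical rule set: same port match plus an explicit accept for later fragments
    ports = l4_ports(packet)
    return True if ports is None else ports[0] == sport

def demo():
    # Constructed sample: FTP-data segment (source port 20) split into 56-byte fragments
    frags = fragment(tcp_segment(20, 40000, b"A" * 100), 56)
    return ([port_only_rule(f, 20) for f in frags],
            [fragment_aware_rule(f, 20) for f in frags])

if __name__ == "__main__":
    print(demo())
```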