Le lun 04/08/2003 à 09:29, Jean-Christian Imbeault a écrit : > Cedric Blancher wrote: > > Do you use patches such as tcp-nopickup that could make an ACK packet > > fall into INVALID state because not matched against any existing > > conntrack entry ? > How can I check? I installed iptables v1.2.8 with no patches so I don't > think I ahve tcp-nopickup installed. Well, probably not this. Still, just add a logging rule for INVALID packets, just to check. I may miss something obvious, but for now, I do not see anything but an INVALID state to cause this packet get dropped. Also check if your conntrack table is not full (see /proc/net/ip_conntrack file) and kernel log entries for some related errors. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
