Re: bug? blocked packets get shadowed to internal network

Hi Juergen,

> we are using a firewall with RedHat kernel 2.4.20-19.7. The firewall is
> configured to block every packet with DPT 199 into our network.

You haven't given us your ruleset. Are you using a REJECT rule, especially 
with TCP reset?

> IN= OUT=eth0 SRC=xxx.xxx.151.184 DST=xxx.xxx.11.231 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 RES=0x00 ACK RST URGP=0

This looks like a completely standard TCP reset. I can't tell for sure 
without seeing your ruleset, but I suspect that either you are blocking 
the incoming packet with -j REJECT --reject-with tcp-reset, or else it's 
not being blocked at all, and what you see is the kernel resetting the 
connection in the normal way (since it's not listening on that port).

Cheers, Chris.
-- 
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
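An added example (not from the thread or from either poster) showing how to read a netfilter LOG line like the one quoted above and decide whether it is the outbound RST that a REJECT --reject-with tcp-reset rule (or the local TCP stack, when nothing is listening) produces for a blocked port, as opposed to an inbound attempt against that port. A plain DROP rule never generates such an outbound packet, so seeing one is the quickest check of which of Chris's two explanations applies. The log parsing is generic for the kernel's LOG target format; the second sample line is constructed for illustration and the port number is taken from the thread.

```python
import re

# Log line quoted in the thread (wrapped by the mail client; joined here).
SAMPLE_RST_LINE = (
    "IN= OUT=eth0 SRC=xxx.xxx.151.184 DST=xxx.xxx.11.231 LEN=40 TOS=0x00 "
    "PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 "
    "RES=0x00 ACK RST URGP=0"
)

# Constructed sample: an inbound SYN to the blocked port, as a LOG rule in
# the INPUT/FORWARD chain would record it (not a line from the thread).
SAMPLE_SYN_LINE = (
    "IN=eth0 OUT= SRC=xxx.xxx.11.231 DST=xxx.xxx.151.184 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=50 ID=1234 DF PROTO=TCP SPT=34869 DPT=199 WINDOW=5840 "
    "RES=0x00 SYN URGP=0"
)

# TCP flags appear in the LOG output as bare tokens, not KEY=VALUE pairs.
TCP_FLAG_TOKENS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}
BARE_TOKENS = {"DF", "MF", "CE"}  # IP-level single-word markers


def parse_log_line(line):
    """Split a netfilter LOG line into a dict of fields plus a FLAGS set."""
    fields = {}
    flags = set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "IN=" yields an empty string
            fields[key] = value
        elif tok in TCP_FLAG_TOKENS:
            flags.add(tok)
        elif tok in BARE_TOKENS:
            fields[tok] = True
    fields["FLAGS"] = flags
    return fields


def classify(fields, blocked_port):
    """Label a parsed line relative to a port the firewall is meant to block.

    'rst-from-blocked-port' is what REJECT --reject-with tcp-reset (or the
    kernel, if the port is simply closed) emits; a DROP rule produces no
    outbound packet at all, so this verdict rules out DROP.
    """
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    outbound = fields.get("IN", "") == "" and fields.get("OUT", "") != ""
    flags = fields["FLAGS"]
    port = str(blocked_port)
    if outbound and "RST" in flags and fields.get("SPT") == port:
        return "rst-from-blocked-port"
    if not outbound and fields.get("DPT") == port and "SYN" in flags \
            and "ACK" not in flags:
        return "inbound-syn-to-blocked-port"
    return "other"


if __name__ == "__main__":
    for line in (SAMPLE_RST_LINE, SAMPLE_SYN_LINE):
        parsed = parse_log_line(line)
        print(classify(parsed, 199), sorted(parsed["FLAGS"]))
```

Run it over the lines a LOG rule writes to syslog: if every hit for the blocked port is an inbound SYN and no outbound RST with SPT=199 ever appears, the rule is a DROP and is working; an outbound RST means either REJECT with tcp-reset or that the packet reached the host's own stack.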