Hi Chris,

> > > we are using a firewall with RedHat kernel 2.4.20-19.7. The firewall is
> > > configured to block every packet with DPT 199 into our network.
>
> You haven't given us your ruleset. Are you using a REJECT rule, especially
> with TCP reset?

Yes, we are using REJECT with TCP reset:

iptables -A DRP_PCKT -p tcp -j REJECT --reject-with tcp-reset

> > > IN= OUT=eth0 SRC=xxx.xxx.151.184 DST=xxx.xxx.11.231 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 RES=0x00 ACK RST URGP=0
>
> This looks like a completely standard TCP reset. I can't tell for sure
> without seeing your ruleset, but I suspect that either you are blocking
> the incoming packet with -j REJECT --reject-with tcp-reset, or else it's
> not being blocked at all, and what you see is the kernel resetting the
> connection in the normal way (since it's not listening on that port).

I will attach the complete ruleset to this mail. The problem is that the packet resetting the connection appears on the "wrong" interface. So if eth1 is our external interface, the kernel should send a RST ACK also to eth1 (and not to eth0, which is the internal interface). As mentioned, 2.4.18 didn't show that behaviour.

cheers,
juergen
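To spot the symptom described above in a whole log rather than by eye, here is an added example (not from the mail or the netfilter project) that parses netfilter LOG records and flags reject-generated RST/ACK packets that left on an interface other than the expected external one. It assumes the blocked port is 199 and the external interface is eth1 as stated in the mail; the log lines are constructed, with documentation-range addresses in place of the masked ones.

```python
# Constructed sample LOG lines, modelled on the record quoted in the mail.
# Line 1: reset leaving on eth0 (the misrouted case the mail describes).
# Line 2: reset leaving on eth1 (correct). Line 3: the inbound SYN being rejected.
SAMPLE_LOG = """\
IN= OUT=eth0 SRC=192.0.2.184 DST=198.51.100.231 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=34869 WINDOW=0 RES=0x00 ACK RST URGP=0
IN= OUT=eth1 SRC=192.0.2.184 DST=203.0.113.7 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=TCP SPT=199 DPT=40211 WINDOW=0 RES=0x00 ACK RST URGP=0
IN=eth1 OUT= SRC=203.0.113.7 DST=192.0.2.184 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40211 DPT=199 WINDOW=5840 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}


def parse_log_line(line):
    """Split one netfilter LOG record into a dict of key=value fields.
    Bare TCP flag tokens (ACK, RST, ...) are collected under 'FLAGS';
    other bare tokens such as DF are ignored."""
    rec = {"FLAGS": set()}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["FLAGS"].add(tok)
    return rec


def is_local_reject_rst(rec, blocked_port):
    """True for a locally generated (IN empty) TCP RST/ACK whose source port is
    the blocked port: the shape of the packet --reject-with tcp-reset emits."""
    return (rec.get("IN", "") == ""
            and rec.get("PROTO") == "TCP"
            and rec.get("SPT") == str(blocked_port)
            and {"RST", "ACK"} <= rec["FLAGS"])


def misrouted_resets(log_text, blocked_port, external_if):
    """Return (OUT, DST) for each reject RST that did not leave via external_if."""
    bad = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if is_local_reject_rst(rec, blocked_port) and rec.get("OUT") != external_if:
            bad.append((rec.get("OUT"), rec.get("DST")))
    return bad


if __name__ == "__main__":
    for out_if, dst in misrouted_resets(SAMPLE_LOG, 199, "eth1"):
        print(f"reject RST for {dst} left on {out_if}, expected eth1")
```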