Joshua Goodall wrote:
> On Tue, Mar 16, 2004 at 09:12:01AM -0300, Fabiano Reis wrote:
>> Conclusion: I think this was because the Windows implementation of
>> TCP detects something different on this connection, maybe it
>> detects in some way that there is a filter on the server side and
>> this is why the time for the error message takes so long to appear.
>
> Basically yes. I wouldn't say that Windows "detects something
> different". I would say that the Windows client isn't properly
> interpreting the ICMP Port Unreachable message.

Incorrect. Receiving an ICMP port unreachable message should not cause a break in the connection attempt - it should be retried until SYN timeout, at which point it can be informed that there was an ICMP port unreachable message received during the period. So Windows is acting properly.

>> Am I right? Is there a workaround for this problem? I need to make
>> Windows think that the server is really "down" and that is why I'm
>> writing to you people.
>
> try extending your REJECT option:
>
> -j REJECT --reject-with tcp-reset
>
> which should give you the desired result, in exchange for being
> a crude pseudo-rejection.

If you wish to get immediate reject responses, TCP reset is the only way. It has nothing more or less crude than sending an ICMP.

-- 
Naked
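An added example, not part of the original thread: a client-side probe that reports how a TCP connection attempt ended and how long it took, which is the observable the thread is arguing about when comparing REJECT variants. The function names `probe` and `closed_loopback_port` are hypothetical, and the demo targets a constructed closed port on loopback, where the local stack answers the SYN with a reset.

```python
import errno
import socket
import time


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (outcome, seconds_elapsed).

    outcome is 'open', 'refused' (a reset ended the attempt),
    'timeout' (nothing ended the attempt within `timeout` seconds),
    or 'error:<ERRNO>' for any other failure reported by the stack.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        outcome = "open"
    except ConnectionRefusedError:
        outcome = "refused"
    except socket.timeout:
        outcome = "timeout"
    except OSError as exc:
        outcome = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        elapsed = time.monotonic() - start
        s.close()
    return outcome, elapsed


def closed_loopback_port():
    """Reserve a loopback port, then release it so nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed target: a loopback port with no listener.
    port = closed_loopback_port()
    outcome, elapsed = probe("127.0.0.1", port)
    print(f"127.0.0.1:{port} -> {outcome} after {elapsed:.3f}s")
```

Run against a filtered server port from the affected client, the same probe shows whether the rule in place ends the attempt at once or leaves the client retrying until its own timeout.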