On Mon, 21 Jun 2004, Daniel Wittenberg wrote: > On Mon, 2004-06-21 at 04:38, Jozsef Kadlecsik wrote: > > On Fri, 18 Jun 2004, Daniel Wittenberg wrote: > > > > > tcpdump I won't be able to get until it fails again, but it's > > > 2.4.22-1.2188.nptl (did it with kernel-2.4.22-1.2174.nptl too). > > > > First I'd make sure the server truly responds to the client request > > *and* the packet is missed somehow by netfilter. That'd mean to run > > tcpdump on the interface facing to the server so that the relevant packets > > could be captured. > > Yeah, I've been running tcpdump/ethereal on the external interface to > make sure. If I drop iptables/restart firewall, everything works just > fine. That's strange then: the traffic dump you posted contained the client SYN request but did not show the SYN/ACK reply from the server at all. What does it mean 'drop iptables/restart firewall'? Delete all rules, remove all modules including ip_conntrack and restart? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
