On Wednesday 31 December 1969 18:59, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:

Grant,

> 1) Check to make sure that it is not a "windowing issue", i.e. the
> MTU/MRU, MSS, etc.

Thanks for the hint. Looks like I should have some default 'clamp' rules as a start.

    iptables -t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Correct? What about the traffic going to the appliance? This rule fails on INPUT....

> 2) I know that XP SP 2 changes the number of TCP/IP
> connections that a computer can have open at any given time. I think the
> default prior to XP SP 2 was 50 or thereabouts. Now the default for XP SP

This is a product I'm building. It's not a single Firewall in a shop. Once it's out of my hands, I have no control over what is connecting to it. None of these people care their machine is broken. So, I need to do what I can in Linux on the appliance. :(

Dave