On 7/26/05, Andrew <andrewna@xxxxxxxxxx> wrote: > But the question is, why are subsequent packets coming from the remote > machine being identified as INVALID? Will allowing INVALID packets cause > other problems? Allowing INVALID is generally unnecessary, and can let certain port scans through undetected. > The Linux machine is actually behind another Cisco PIX firewall. Could the > hardware firewall be translating the packets wrongly? Any ideas? Can you try with a machine between the firewalls? That would simulate a web request but bypass PIX. [iptables]---[testbox]---[PIX]---[Internet] Running a tcpdump might also give useful information.
