>From what I am seeing below something is still batching DPT 110. I have seen this happen on some machines that do not have kernel modules loaded or available. Case in point, I have a virtual server we lease for a project that is based on Fedora Core 2 and it has all of the modules statically loaded. But connection tracking does not work so adding reject always causes a failure. May 16 14:50:29 bnofmail kernel: FIREWALL: IN=eth0 OUT= SRC=70.156.232.189 DST=172.16.17.169 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=23735 DF PROTO=TCP SPT=1867 DPT=110 WINDOW=8280 RES=0x00 ACK URGP=0 Can you do two things; send us the output of lsmod and also the original rules /etc/sysconfig/iptables instead of the iptables -L command. > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter- > bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Bowie Bailey > Sent: Tuesday, May 16, 2006 12:13 PM > To: Netfilter List (E-mail) > Subject: RE: iptables and pop3 lockup > > It seems like iptables is losing the connection between the packets > and the open connection. > > -- > Bowie