Hi !! We are noticing here a reasonable amount of packets that are being dropped, that shouldn´t be. These packets are originated at our web server, port 80, targeted at high ports in external hosts, and have values set for both SEQ and ACK. This scenario leads us to think that these packages are answers to accesses that are being done to our web server, and that the response time is actually greater than the iptables conntrack limit. I think I recall reading something regarding to a problem with conntrack some time ago, but didn´t find anything in the list archives. We are running iptables v1.3.1 over a Fedora 3 with 2.6.11.12 SMP kernel. Can anybody help me on this? Thanks in advance, Carlos.
