This usually happens with clients behaving badly or misconfigured servers. Very unlikely (I would say less than 1% chance) to be a netfilter issue. If you don't get any reports about your webserver being unreachable or unusable, all is working exactly as it should. If people do have problems with your webserver, check the configuration of the server and clients.

-Sietse

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of zottmann@xxxxxxxxx
Sent: Thu 01-Jun-06 13:56
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Possible conntrack problem

Hi !!

I am having a problem that I think may be related to conntrack. I am getting dropped packets in the firewall coming from our web server, source port 80, and going to external machines on high ports, with both ACK and SEQ numbers set. It seems to me that these packets are answers from our webserver to connections established with it, but, for some reason, the connection information is being lost (maybe due to timeout?).

How can I track this? Has anyone gone through something like it?

Thanks in advance,
Carlos.
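
One way to track the drops asked about above is to tally the firewall's logged packets from source port 80 by TCP flag combination and by remote endpoint, to see where they cluster. This is an added example, not part of the thread; it assumes the dropped packets are logged with the iptables LOG target, and the "FW-DROP: " prefix, interface names and addresses in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in the kernel's iptables LOG line format. The "FW-DROP: "
# prefix, interface names and addresses are assumptions, not from the thread.
_TEMPLATE = (
    "Jun  1 13:40:0{n} fw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC={src} DST={dst} "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT={spt} DPT={dpt} "
    "WINDOW=0 RES=0x00 {flags} URGP=0"
)
_ROWS = [
    ("192.0.2.10", "198.51.100.7", 80, 51234, "ACK FIN"),
    ("192.0.2.10", "198.51.100.7", 80, 51234, "ACK FIN"),
    ("192.0.2.10", "203.0.113.20", 80, 40022, "ACK"),
    ("192.0.2.10", "203.0.113.20", 80, 40022, "ACK PSH"),
    ("198.51.100.9", "192.0.2.10", 55000, 22, "SYN"),  # not from port 80
]
SAMPLE_LOG = "\n".join(
    _TEMPLATE.format(n=n, src=s, dst=d, spt=sp, dpt=dp, flags=f)
    for n, (s, d, sp, dp, f) in enumerate(_ROWS)
)

# In LOG output the TCP flag names sit between RES=0x.. and URGP=.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*?"
    r"RES=0x[0-9a-f]+ (?P<flags>(?:[A-Z]+ )*)URGP="
)

def summarize_drops(log_text, server_port=80):
    """Count logged TCP packets sent from server_port, by flags and by peer."""
    by_flags, by_peer = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["spt"]) != server_port:
            continue  # not TCP, not a LOG line, or not from the web server port
        flags = "+".join(sorted(m["flags"].split())) or "none"
        by_flags[flags] += 1
        by_peer[(m["dst"], int(m["dpt"]))] += 1
    return by_flags, by_peer

if __name__ == "__main__":
    by_flags, by_peer = summarize_drops(SAMPLE_LOG)
    for flags, count in by_flags.most_common():
        print(f"{count:4d}  flags={flags}")
    for (dst, dpt), count in by_peer.most_common():
        print(f"{count:4d}  peer={dst}:{dpt}")
```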