Hi !!

Thank you both for your answers!!

We are not getting any reports regarding problems with our webserver, but surely these logs are weird.

We are going to try ip_conntrack_tcp_be_liberal and see what happens. By the way, what does it really mean?

Regards,
Carlos.

On (14:15:13), Justin Schoeman wrote:
>Can also try:
>
>echo "1" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
>
>Seems to help if there is a PIX between your clients and servers...
>
>-justin
>
>Sietse van Zanen wrote:
>> This usually happens with clients behaving badly or misconfigured servers. Very unlikely (I would say less than 1% chance) to be a netfilter issue.
>> If you don't get any reports about your webserver being unreachable or unusable, all is working exactly as it should.
>>
>> If people do have problems with your webserver, check the configuration of the server and clients.
>>
>> -Sietse
>>
>> ________________________________
>>
>> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of zottmann@xxxxxxxxx
>> Sent: Thu 01-Jun-06 13:56
>> To: netfilter@xxxxxxxxxxxxxxxxxxx
>> Subject: Possible conntrack problem
>>
>> Hi !!
>>
>> I am having a problem that I think may be related to conntrack.
>>
>> I am getting dropped packets in the firewall coming from our web server,
>> source port 80, and going to external machines on high ports, with both ACK
>> and SEQ numbers set.
>>
>> It seems to me that these packets are answers from our webserver to
>> connections established with it, but, for some reason, the connection
>> information is being lost (maybe due to timeout?).
>>
>> How can I track this? Has anyone gone through something like it?
>>
>> Thanks in advance,
>> Carlos.
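
An added example, not part of the thread and not netfilter's own tooling: one way to approach the "How can I track this?" question is to tally the dropped segments sent from the web server's port by TCP flags, so connection-teardown segments (FIN, RST) can be told apart from data segments. The log lines are constructed in the kernel LOG target's format; the `FW-DROP` prefix, host name, interfaces, addresses and ports are assumptions.

```sh
#!/bin/sh
# Constructed sample: lines in the kernel LOG target's format. The "FW-DROP "
# prefix, host name, interfaces, addresses and ports are made up.
sample_log() {
cat <<'EOF'
Jun  1 13:50:01 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=80 DPT=51234 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Jun  1 13:50:04 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=80 DPT=51234 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Jun  1 13:51:10 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4800 DF PROTO=TCP SPT=80 DPT=40211 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Jun  1 13:52:30 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4801 DF PROTO=TCP SPT=80 DPT=40212 WINDOW=0 RES=0x00 ACK RST URGP=0
Jun  1 13:52:31 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4802 DF PROTO=TCP SPT=80 DPT=40213 WINDOW=0 RES=0x00 ACK RST URGP=0
Jun  1 13:53:02 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.44 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=4900 DF PROTO=TCP SPT=80 DPT=33001 WINDOW=6432 RES=0x00 ACK PSH URGP=0
Jun  1 13:53:40 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.44 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4901 DF PROTO=TCP SPT=443 DPT=33002 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Jun  1 13:54:00 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=100 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  1 13:54:05 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=101 PROTO=UDP SPT=80 DPT=40000 LEN=56
EOF
}

# Read LOG lines on stdin; print "count flags" (highest count first) for
# dropped TCP segments whose source port is $1 and that carry ACK.
reply_drops_by_flags() {
    awk -v port="$1" '
    /PROTO=TCP/ {
        spt = ""; flags = ""; in_flags = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SPT=/) spt = substr($i, 5)
            else if ($i ~ /^RES=/) in_flags = 1    # flag names follow RES=
            else if ($i ~ /^URGP=/) in_flags = 0   # and end before URGP=
            else if (in_flags) flags = flags (flags == "" ? "" : ",") $i
        }
        if (spt == port && ("," flags ",") ~ /,ACK,/) count[flags]++
    }
    END { for (f in count) print count[f], f }' | sort -rn
}

sample_log | reply_drops_by_flags 80
```

On the "what does it really mean" question: the kernel's conntrack sysctl documentation describes the `tcp_be_liberal` setting as marking only out-of-window RST segments as INVALID when it is non-zero.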