On Mon, 10 Jul 2006, Arno van Amersfoort wrote: > I'm currently running a vanilla kernel 2.6.15.6, but I already observed > it with older kernel versions too.... The system is running Debian 3.1 > x86 with iptables 1.2.11, but I don't think this really matters.... If > you need additional info, please let me know... There was a SACK related bug in TCP connection tracking which was fixed around 2.6.15 and which exhibited such problems. Either upgrade the kernel on your firewall or disable SACK on all machines behind it. If you can reproduce the problem at will with a machine then disable SACK on it and check wether it solves the problem. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
