On Mon, 17 Jul 2006, Arno van Amersfoort wrote: > Jozsef Kadlecsik wrote: > > On Thu, 13 Jul 2006, Arno van Amersfoort wrote: > > > >> Just did some more investigation. Didn't test with tcpdump yet as this > >> issue is not reproducable easiely :-S Anyway it turns out that the > >> packets shown have state "INVALID" (opposed to ESTABLISHED or NEW). So > >> somehow iptables "thinks" they no longer belong to a connection > >> (somehow).... > > > > If you enabled logging invalid packets, then the kernel would produce log > > lines why those packets were categorized as INVALID. > > I've tried enabling this option but nothing shows up in my kernel log. > I'd expect it to appear in loglevel kern.* right ? That's right. You have got the kernel module ipt_LOG loaded in (and ipt_ULOG doesn't), don't you? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
