Hi All: We are using iptables-1.2.11-3.1.RHEL4 on CentOS 4.0. The firewall is used between two departments and forwards GSM application traffic (Prepaid Recharging etc.). As there are too many rules, we are using FWBUILDER as the GUI. The firewall is dropping packets for a valid rule. But surprisingly, the packet drop is not regular. Most of the packets are getting forwarded and some are dropped. At certain time, the packet drop is increased a lot. Generally, the drop incident increases between 0700 ? 0800 hrs and 2330 ? 0030 hrs. But, for traffic, that is an off-peak duration and firewall is also not running any cron or other scheduled job. The logs are below: Aug 20 12:19:54 sec-fw01 kernel: PASSED IN=eth2 OUT=bond0 SRC=10.10.20.20 DST=192.168.20.20 LEN=48 TOS=0x00 PREC=0x00 TTL=62 ID=8587 DF PROTO=TCP SPT=49793 DPT=10010 SEQ=2962957157 ACK=0 WINDOW=49640 RES=0x00 SYN URGP=0 OPT (020405B401010402) Aug 20 12:19:42 sec-fw01 kernel: DROPPED IN=eth2 OUT=bond0 SRC=10.10.20.20 DST=192.168.20.20 LEN=48 TOS=0x00 PREC=0x00 TTL=62 ID=8486 DF PROTO=TCP SPT=49995 DPT=10010 SEQ=3014985752 ACK=0 WINDOW=49640 RES=0x00 SYN URGP=0 OPT (020405B401010402) First one is the forwarded case and second one is the dropped case. The Drop rule is the Default rule added at the bottom of all rules. Anyone please advise. Best Regards, Refayet
