Re: RELATED connections and the feeling of security

On Friday 13 April 2007 16:31 you wrote:
> There are a few conntrack helpers around: FTP, IRC, H323, SIP, etc.

Clearly, but of these, I use only FTP, if any.

> The very first step to me is reliably reproducing your issue.

This is what I tried meanwhile. The result (gained manually by means of 
a telnet client while having established an ssh session in the opposite 
direction) is completely negative: netfilter actually turns down reverse-
directed packets even if RELATED state is configured as acceptable.

It's somewhat hard to admit, but for truth's sake: I must have misinterpreted 
an unusual Windows firewall log entry. On certain conditions, most probably 
when the loading of a web page is interrupted somehow, the receiving socket 
is already shut down while the server still continues sending. Apparently 
because the Windows firewall had started blocking the socket's associated 
port, it drops a message which roughly reads:

"2007-0X-0X 09:XX:XX DROP TCP 193.227.146.1 192.168.XXX.XXX 80 1369 XXXX A 
XXXX XXX - - - RECEIVE"

I probably -- I don't have the old logs around -- saw only the DROP, a known 
server's source address and port number 80. But this actually was the source 
port, and the local destination port was the number behind it, that port which 
was closed shortly before. Sorry for any inconvenience.


Best Regards

Hugo Mildenberger
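The misreading described in the mail above comes from the order of the port columns in the Windows firewall log. The following is an added example, not code from the original mail or from the netfilter project; it assumes the default `#Fields:` layout of pfirewall.log (date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path) and uses a constructed sample line with RFC 5737 documentation addresses.

```python
# Field layout assumed to match the log file's own "#Fields:" header.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample in the shape of the record quoted in the mail.
SAMPLE = ("2007-04-13 09:15:22 DROP TCP 203.0.113.10 192.168.1.20 80 1369 "
          "1500 A 1234567 7654321 65535 - - - RECEIVE")


def parse_line(line):
    """Split one record into a dict keyed by field name; '-' means absent."""
    if line.startswith("#"):
        raise ValueError("header/comment line, not a record")
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    for key in ("src_port", "dst_port"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec


def endpoints(rec):
    """Return (local_ip, local_port, remote_ip, remote_port).
    With path RECEIVE the packet came from outside, so src_* is the remote
    side and dst_* the local side; with SEND it is the other way round."""
    if rec["path"] == "RECEIVE":
        return rec["dst_ip"], rec["dst_port"], rec["src_ip"], rec["src_port"]
    return rec["src_ip"], rec["src_port"], rec["dst_ip"], rec["dst_port"]


def looks_like_late_reply(rec):
    """Heuristic for the case in the mail: an inbound, non-SYN segment from a
    well-known server port to a local ephemeral port is a straggling reply to
    a connection the local side already closed, not a connection attempt
    against local port 80."""
    _, lport, _, rport = endpoints(rec)
    return (rec["path"] == "RECEIVE" and "S" not in rec["tcpflags"]
            and rport is not None and rport < 1024
            and lport is not None and lport >= 1024)


def describe(line):
    """One-line reading of a record with the local/remote roles made explicit."""
    rec = parse_line(line)
    lip, lport, rip, rport = endpoints(rec)
    verdict = ("late reply to a closed local socket" if looks_like_late_reply(rec)
               else "inbound connection attempt or other traffic")
    return "%s %s from remote %s:%s to local %s:%s (%s)" % (
        rec["action"], rec["protocol"], rip, rport, lip, lport, verdict)
```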