Hello, All -

I'm just getting started with netfilter, although I understand packet filtering and have configured other firewalls. This is a very simple desktop machine firewall that works fine in general, but is giving me problems with one site in particular that's very important. My rule set is extremely simple at present:

    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [6:358]
    :U804-input - [0:0]
    -A INPUT -j U804-input
    -A U804-input -i lo -j ACCEPT
    -A U804-input -p icmp -j ACCEPT
    -A U804-input -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A U804-input -p tcp -m tcp --dport 22 -j ACCEPT
    -A U804-input -j DROP

The one site that gives me problems is an online classroom environment running Angel LMS. With the above rules installed, changing pages often takes 15-20 minutes, but will usually work eventually. If I flush the chains, the site responds normally.

I have packet captures from connections to this site, with and without firewall rules installed. I don't see anything that should be blocked based on these rules - the only thing odd is that when the problem occurs I get a ton of retransmissions from the server. Another oddity in both cases is that virtually every packet coming from the server is fragmented; but from what I've read, connection tracking (which is running on this machine) should completely reassemble fragmented packets before delivery to the filter table. Still, could fragmentation be the problem?

What little I know about the server end is that it is running the Angel Learning Management System (LMS) on IIS. I don't yet know the path MTU, but my local machine and router are both set to 1500, which is what I would normally use for a high-speed connection.

Any ideas appreciated.

Thanks,
Mark Baker

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
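To reason about which packets the ruleset above lets through, here is a small evaluator written for this page (it is not part of the original post or of netfilter itself). It parses the iptables-save text verbatim, walks the INPUT chain into U804-input the way the kernel would, and returns the verdict for a packet you describe as a dict keyed by the rule options (-i, -p, --dport, --state); the packets used with it are constructed, not taken from the poster's captures. It makes one point visible: anything conntrack does not tag RELATED or ESTABLISHED (a NEW connection to a port other than 22, or a segment conntrack classifies as INVALID, which can happen with heavy retransmission) falls through to the final DROP.

```python
# Added example, not from the post: evaluates the iptables-save ruleset quoted
# above (chain jump, -i, -p, -m state --state, --dport, chain policy) against a
# packet dict you construct; nothing here is drawn from the poster's captures.
RULESET = """\
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:358]
:U804-input - [0:0]
-A INPUT -j U804-input
-A U804-input -i lo -j ACCEPT
-A U804-input -p icmp -j ACCEPT
-A U804-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-A U804-input -p tcp -m tcp --dport 22 -j ACCEPT
-A U804-input -j DROP
"""

def parse(text):
    """Return (policies, chains): chain -> policy, chain -> list of rule dicts."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                # ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains[name] = []
        elif line.startswith("-A "):
            toks, rule = line.split(), {}
            for i, t in enumerate(toks):
                if t in ("-i", "-p", "--dport", "-j"):
                    rule[t] = toks[i + 1]
                elif t == "--state":            # conntrack states, comma list
                    rule[t] = set(toks[i + 1].split(","))
            chains[toks[1]].append(rule)
    return policies, chains

def matches(rule, pkt):
    """Every match option on the rule must agree with the packet (--state is a set)."""
    return all((pkt.get(opt) in want) if opt == "--state" else pkt.get(opt) == want
               for opt, want in rule.items() if opt != "-j")

def verdict(pkt, chain="INPUT", ruleset=RULESET):
    """Walk the chain as the kernel would; return ACCEPT, DROP or RETURN."""
    policies, chains = parse(ruleset)
    def walk(name):
        for rule in filter(lambda r: matches(r, pkt), chains[name]):
            result = walk(rule["-j"]) if rule["-j"] in chains else rule["-j"]
            if result != "RETURN":              # builtin target, or sub-chain decided
                return result
        return policies[name] or "RETURN"       # chain policy, or RETURN to caller
    return walk(chain)
```

A non-first IP fragment that reached this chain unreassembled would carry no TCP header, so a dict without "--dport" models it; it can only pass via the state rule.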