Re: Site-specific filter rules problem

On 05/25/08 02:55, Mark Baker wrote:
I have packet captures from connections to this site, with and without firewall rules installed. I don't see anything that should be blocked based on these rules - the only thing odd is that when the problem occurs I get a ton of retransmissions from the server. Another oddity in both cases is that virtually every packet coming from the server is fragmented; but from what I've read, connection tracking (which is running on this machine) should completely reassemble fragmented packets before delivery to the filter table. Still, could fragmentation be the problem?

Based on the retransmissions, it sounds like something is expecting to get something through and have it acknowledged that is not.

I'd look at what is being retransmitted and see if it needs to get through and/or if there is an unacknowledged reply that is being blocked.



Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
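As an added example (not part of the thread above), here is a small stand-alone Python script that does the first pass Grant suggests: it walks a list of raw IPv4 packets, flags every IP fragment, and flags TCP segments whose (flow, sequence number) has already been seen carrying data, which is a simple retransmission heuristic. The sample packets, addresses and ports are constructed inline; the script does not read a capture file or verify checksums.

```python
import struct
from socket import inet_aton, inet_ntoa


def parse_ipv4(pkt):
    """Decode an IPv4 header and, for an unfragmented or first-fragment TCP packet, its TCP header."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    mf, frag_off = bool(flags_frag & 0x2000), (flags_frag & 0x1FFF) * 8
    rec = {"src": inet_ntoa(src), "dst": inet_ntoa(dst), "id": ident, "fragment": mf or frag_off > 0}
    if proto == 6 and frag_off == 0:  # later fragments carry no TCP header, only payload bytes
        sport, dport, seq, _, off_flags, _ = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
        data_off = (off_flags >> 12) * 4
        rec.update(sport=sport, dport=dport, seq=seq, payload_len=total_len - ihl - data_off)
    return rec


def analyse(packets):
    """Return indices of IP fragments and of TCP segments whose (flow, seq) was already seen with data."""
    seen, fragments, retrans = set(), [], []
    for i, pkt in enumerate(packets):
        rec = parse_ipv4(pkt)
        if rec["fragment"]:
            fragments.append(i)
        if rec.get("payload_len", 0) > 0:  # pure ACKs and later fragments are not candidates
            key = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["seq"])
            if key in seen:
                retrans.append(i)
            seen.add(key)
    return {"fragments": fragments, "retransmissions": retrans}


def build_packet(src, dst, ident, mf, frag_off, seq, payload, sport=80, dport=40000):
    """Constructed sample packet: IPv4 + TCP with zeroed checksums (the analysis does not verify them)."""
    tcp = b"" if frag_off else struct.pack("!HHIIHH", sport, dport, seq, 0, (5 << 12) | 0x18, 65535) + b"\0" * 4
    flags_frag = (0x2000 if mf else 0) | (frag_off // 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), ident, flags_frag,
                     64, 6, 0, inet_aton(src), inet_aton(dst))
    return ip + tcp + payload


SERVER, CLIENT = "203.0.113.10", "198.51.100.7"  # documentation-range addresses, constructed sample
SAMPLE = [
    build_packet(SERVER, CLIENT, 1, False, 0, 1000, b"A" * 100),    # normal data segment
    build_packet(SERVER, CLIENT, 2, False, 0, 1000, b"A" * 100),    # same seq again: retransmission
    build_packet(SERVER, CLIENT, 3, True, 0, 1100, b"B" * 1460),    # first fragment (MF set)
    build_packet(SERVER, CLIENT, 3, False, 1480, 0, b"B" * 20),     # last fragment, no TCP header
    build_packet(CLIENT, SERVER, 4, False, 0, 5000, b""),           # client pure ACK, no payload
]

if __name__ == "__main__":
    print(analyse(SAMPLE))  # {'fragments': [2, 3], 'retransmissions': [1]}
```

On a real capture the flagged indices tell you which segments to compare against the firewall rules, and a packet seen as fragments on the wire is still what a LOG rule placed before the DROP will show if conntrack has not reassembled it.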
