On Sat, 30 May 2009, Christoph Paasch wrote:

> one question about that:
> How can the host receive the SYN packet (and afterwards send the RST), if
> conntrack does not support TCP simultaneous open?

The first SYN (if the firewall rules allow it) is let through the firewall
and will reach the destination. If that hasn't sent SYN yet, then it'll
respond with RST, which will pass the firewall too.

But running tcpdump on both interfaces of the firewall would help most.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary