I'm having some trouble with what should be a very simple firewall to
simply protect a local machine. When the firewall is enabled, ssh and scp
connections will sometimes hang indefinitely. I've tried configuring the
firewall (which blocks all incoming requests to ports 0:1023 except ssh
and icmp) with several different tools: firehol, ufw and lutelwall. If
the firewall is turned off, the problem disappears. With lutelwall there
is an option to create a non-stateful firewall - if that is done, the
problem also disappears.
My syslog does show dropped packets that appear to be the cause of the
problem. From tcpdumps at both ends of the connection it looks like the
problem happens if large packets are sent out from behind the firewall and
then arrive in pieces at the other end with a piece missing. ACK
packets coming back in are dropped, and the connection never recovers.
Any help in diagnosing this would be much appreciated.
Carl
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
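A small diagnostic for the kind of syslog evidence described above, added here as an example; it is not part of the original post and not code from firehol, ufw or lutelwall. It parses netfilter LOG lines in the `IN= OUT= SRC= DST= ... PROTO=TCP SPT= DPT= ... ACK` format that the kernel's LOG target writes (and that ufw and firehol drop logging are built on), then groups dropped packets per flow and separates connection attempts (SYN) from mid-stream ACKs and from IP fragments. A stateful firewall that accepts ESTABLISHED traffic should already hold a conntrack entry for a mid-stream ACK, so flows whose drops are mostly such packets are the ones to look at more closely than ordinary policy drops of fresh SYNs. The log lines, addresses, ports and the `DROP-IN` log prefix are constructed for the example.

```python
"""Group netfilter LOG drops by flow to separate policy drops from
state-tracking drops. Added example with constructed sample log lines."""
from collections import Counter, defaultdict

# Constructed syslog lines in the kernel LOG target format. The "DROP-IN"
# prefix is an assumed --log-prefix; real lines carry whatever prefix the
# ruleset configured (ufw uses "[UFW BLOCK]").
SAMPLE_LINES = [
    # two mid-stream ACKs from a remote ssh client that the firewall dropped
    "Mar  3 10:12:01 gw kernel: [ 1234.567890] DROP-IN IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.20 "
    "LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=31877 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=1024 RES=0x00 ACK URGP=0",
    "Mar  3 10:12:02 gw kernel: [ 1235.012345] DROP-IN IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.20 "
    "LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=31878 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=1024 RES=0x00 ACK URGP=0",
    # an ordinary policy drop: a fresh SYN to a port the ruleset does not open
    "Mar  3 10:12:03 gw kernel: [ 1236.000001] DROP-IN IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.20 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1 DF PROTO=TCP SPT=40000 DPT=80 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    # a non-first IP fragment: the LOG target prints only PROTO=TCP, no ports
    "Mar  3 10:12:04 gw kernel: [ 1237.500000] DROP-IN IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.20 "
    "LEN=200 TOS=0x00 PREC=0x00 TTL=53 ID=31900 FRAG:185 PROTO=TCP",
    # unrelated noise: a dropped multicast DNS datagram
    "Mar  3 10:12:05 gw kernel: [ 1238.000000] DROP-IN IN=eth0 OUT= "
    "MAC=01:00:5e:00:00:fb:66:77:88:99:aa:bb:08:00 SRC=192.0.2.33 DST=224.0.0.251 "
    "LEN=80 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=60",
]


def parse_log_line(line):
    """Turn one LOG line into a dict of KEY=VALUE fields plus a set of bare
    flag tokens (DF, MF, SYN, ACK, ...). FRAG:<offset> is stored under "FRAG".
    Returns None for lines that are not netfilter LOG output."""
    _, marker, tail = line.partition("IN=")
    if not marker:
        return None
    rec = {"flags": set()}
    for tok in ("IN=" + tail).split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            rec[key] = value
        elif tok.startswith("FRAG:"):
            rec["FRAG"] = int(tok[5:])
        else:
            rec["flags"].add(tok)
    return rec


def classify(rec):
    """Label a dropped packet by what it tells us about the drop."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    # Non-first fragments carry no TCP header; first fragments with MF set
    # are still part of a fragmented datagram. Both are reported as fragments.
    if "FRAG" in rec or "MF" in rec["flags"]:
        return "fragment"
    flags = rec["flags"]
    if "SYN" in flags:
        return "syn"          # new connection attempt: a normal policy drop
    if "RST" in flags:
        return "rst"
    if "ACK" in flags:
        return "mid-stream"   # ACK without SYN: belongs to a flow that should already be tracked
    return "other"


def summarize(lines):
    """Count drop classes per (direction, src, spt, dst, dpt) flow. Fragments
    without a TCP header get "?" for both ports."""
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        if rec.get("IN") and not rec.get("OUT"):
            direction = "in"
        elif rec.get("OUT") and not rec.get("IN"):
            direction = "out"
        else:
            direction = "fwd"
        key = (direction, rec.get("SRC"), rec.get("SPT", "?"),
               rec.get("DST"), rec.get("DPT", "?"))
        summary[key][classify(rec)] += 1
    return summary


def mid_stream_drops(summary):
    """Flows where the firewall dropped packets of an already-established TCP
    connection. With a stateful ruleset these are the suspicious ones: an
    ESTABLISHED rule did not match them, which usually means conntrack no
    longer had (or never had) an entry for the flow and treated them as
    INVALID, rather than that policy rejected a new connection."""
    return {flow: counts for flow, counts in summary.items()
            if counts["mid-stream"] > 0}


if __name__ == "__main__":
    table = summarize(SAMPLE_LINES)
    for flow, counts in sorted(table.items()):
        print("%s %s:%s -> %s:%s  %s" % (flow + (dict(counts),)))
    print("flows with mid-stream drops:", list(mid_stream_drops(table)))
```

On a real host, feed it `grep 'IN=' /var/log/syslog` or `journalctl -k -o cat`; a flow to or from port 22 that shows up only under `mid-stream` or `fragment` is the one to line up against the tcpdump captures at both ends.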