On Thursday 22 October 2009 20:45:47 Carl Michal wrote:
> I'm having some troubles with what should be a very simple firewall to
> simply protect a local machine. When the firewall is enabled, ssh and scp
> connections will sometimes hang indefinitely. I've tried configuring the
> firewall (which blocks all incoming requests to ports 0:1023 except ssh
> and icmp) with several different tools: firehol, ufw and lutelwall. If
> the firewall is turned off, the problem disappears. With lutelwall there
> is an option to create a non-stateful firewall - if that is done, the
> problem also disappears.
>
> My syslog does show dropped packets that appear to be the cause of the
> problem. From tcpdumps at both ends of the connection it looks like the
> problem happens if large packets are sent out from behind the firewall and
> then arrive in pieces at the other end with a piece missing. ACK
> packets coming back in are dropped, and the connection never recovers.
>
> Any help in diagnosing this would be much appreciated.
>

Send your configuration, as root or using sudo do:

    iptables -L -vn
    iptables -L -vn -t mangle
    iptables -L -vn -t nat

--
Karl Hiramoto