Hi,

just to close this one, after a lot of debugging we found the cause for this issue.

When this error occurs, the SIP server is sending out two packets to the same destination (IP:port) at roughly the same time. This causes a race condition in nf_conntrack when inserting a new tuple into the conntrack table, leading to one of the two packets getting rejected by the kernel.

Looks like there is no other solution for this problem than building a stateless firewall and unloading the nf_conntrack module.

Best Regards,
Sebastian
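One way to check whether a host is hitting this kind of insert race before going stateless, as an added example that is not part of the original post: sum the per-CPU counters in `/proc/net/stat/nf_conntrack` and compare two snapshots. It assumes the failure described above is counted under `insert_failed` on the affected kernel; the sample data is constructed, and the names `parse_stats`, `delta` and `watch` are hypothetical.

```python
# Added example: quantify conntrack insert failures from /proc/net/stat/nf_conntrack.
# The file has one header line naming the columns, then one row of hex counters per CPU.
import time

STAT_PATH = "/proc/net/stat/nf_conntrack"

# Constructed sample (two CPUs), not captured from the poster's system.
SAMPLE_BEFORE = """\
entries  searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error  expect_new expect_create expect_delete search_restart
0000012a  00000000 00000000 00000000 0000001f 000003e8 00000000 00000000 00000000 00000002 00000000 00000000 00000000  00000000 00000000 00000000 00000005
0000012a  00000000 00000000 00000000 00000004 00000210 00000000 00000000 00000000 00000001 00000000 00000000 00000000  00000000 00000000 00000000 00000000
"""
# Same snapshot with CPU 0's insert_failed raised from 0x2 to 0xc.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("00000002 00000000", "0000000c 00000000", 1)


def parse_stats(text):
    """Return {column: total}, summing the hex per-CPU counters by header name."""
    lines = [line.split() for line in text.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty conntrack stat data")
    header, rows = lines[0], lines[1:]
    totals = dict.fromkeys(header, 0)
    for row in rows:
        if len(row) != len(header):
            raise ValueError("row width does not match header")
        for name, value in zip(header, row):
            totals[name] += int(value, 16)
    # "entries" is the table-wide entry count repeated on every row, not a per-CPU counter.
    if rows and "entries" in totals:
        totals["entries"] = int(rows[0][header.index("entries")], 16)
    return totals


def delta(before, after, fields=("insert_failed", "drop", "invalid")):
    """Counter growth between two parsed snapshots; columns a kernel lacks count as 0."""
    return {f: after.get(f, 0) - before.get(f, 0) for f in fields}


def watch(interval=5.0, path=STAT_PATH):
    """Take two live snapshots `interval` seconds apart and return the growth."""
    with open(path) as fh:
        before = parse_stats(fh.read())
    time.sleep(interval)
    with open(path) as fh:
        return delta(before, parse_stats(fh.read()))


if __name__ == "__main__":
    print(delta(parse_stats(SAMPLE_BEFORE), parse_stats(SAMPLE_AFTER)))
```

An `insert_failed` delta that grows while the SIP errors occur points at the conntrack table rather than at the rule set.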