* Refused SYN packets for 15min.
@ 2004-02-25 16:33 Domenico Gargano
0 siblings, 0 replies; only message in thread
From: Domenico Gargano @ 2004-02-25 16:33 UTC (permalink / raw)
To: netfilter
Hi all,
I've got a strange problem on my fw, here's my lan:
Fw with 3 eth
eth0: external router
eth1: internal LAN
eth2: DMZ
During the day, sometimes happens that the fw stop accepting incoming SYN packet
(and I can't establish a new connection) for 15 min. mantainig instead the
ESTABLISHED connection.
I've disabled syn-floodin protection in kernel, I've tried flushing rules, raised kernel
buffers, looked inside /proc/net/ip_conntrack finding nothing strange.
My client coming from Internet can't see my website, or a LAN client can't connect to
internet or DMZ.
During this "ban" time (15 min.) it seems I can't do nothing restoring connections.
Also it seems that my fw "ban" not all the net, but some client.
Any ideas?
Thanks
my sys: rh9, kernel 2.4.20-30.9 (latest official patch)
my hw: 2cpu PIII Xeon + 1,5gb RAM
--
~~~~ Domenico Gargano [Network Administrator] ~~~~
Planetek Italia s.r.l. :tel:+39 080 5343750
Via Massaua, 12 - I-70123 BARI :fax:+39 080 5340280
~~~ email: gargano@planetek.it ~~~ www.planetek.it ~~~
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-02-25 16:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-02-25 16:33 Refused SYN packets for 15min Domenico Gargano
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.