* iptables drops _some_ valid packets
From: Daniel @ 2006-09-19 13:52 UTC
To: netfilter

Hi all,

I'm running a small network behind a firewall running iptables 1.3.5
doing NAT. The firewall has two NICs, eth0 for the LAN and eth1 to an
ADSL modem.

I'm having problems with iptables dropping some packets that belong to
an established/valid connection. I think this only occurs with
http/https traffic.

For example, if I have a client on the LAN browsing somesite.com, the
connection gets tracked and iptables allows packets coming and going
but, and here is my problem, it will drop *some* packets coming from
somesite.com. Hence my logs get filled with these packets that should
have gone through.

As you might imagine this is rather annoying, even more so when I
haven't been able to find a solution browsing Google for countless
hours.

Please, if this post lacks information, let me know and I'll post
whatever you need.

Thank you,
Daniel.

* Re: iptables drops _some_ valid packets
From: Pascal Hambourg @ 2006-09-19 16:31 UTC
To: netfilter

Hello,

Daniel wrote:
>
> I'm having problems with iptables dropping some packets that belong to
> an established/valid connection.

If the kernel is >= 2.6.9 or includes the patch "tcp-window-tracking"
from the Netfilter patch-o-matic-ng, try to set the kernel parameter
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal to 1.
See
http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-tcp-window-tracking
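
The check described in the message above, as an added example that is not part of the original thread: it tests the stated kernel precondition and sets the parameter only if it exists. The function names and the `--apply` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: check the precondition and apply the setting suggested above.
# Parameter path as quoted in the message.
LIBERAL=/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

# kernel_at_least HAVE WANT: succeed when version HAVE >= WANT,
# comparing the first three dot-separated fields numerically.
kernel_at_least() {
    have=${1%%-*}                      # drop a local suffix such as "-4-686"
    want=$2
    for i in 1 2 3; do
        h=$(printf '%s\n' "$have" | cut -d. -f"$i")
        w=$(printf '%s\n' "$want" | cut -d. -f"$i")
        h=${h%%[!0-9]*}; w=${w%%[!0-9]*}   # keep leading digits only
        h=${h:-0}; w=${w:-0}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# set_liberal FILE: show the current value, then write 1 (needs root on /proc).
# Returns 2 when the parameter is absent.
set_liberal() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "absent: $f"
        return 2
    fi
    echo "before: $(cat "$f")"
    echo 1 > "$f" || return 1
    echo "after:  $(cat "$f")"
}

# Run with --apply to act on the live system; without it nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    if ! kernel_at_least "$(uname -r)" 2.6.9; then
        echo "kernel $(uname -r) is older than 2.6.9; the parameter exists only if tcp-window-tracking was patched in"
    fi
    set_liberal "$LIBERAL"
fi
```

A value written under /proc this way lasts only until the next reboot.
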

* Re: iptables drops _some_ valid packets
From: Daniel @ 2006-09-19 17:16 UTC
To: netfilter

Hello,

Setting /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal to 1
did not solve the issue.

Thanks

On 9/19/06, Pascal Hambourg <pascal.mail@plouf.fr.eu.org> wrote:
> Hello,
>
> Daniel wrote:
> >
> > I'm having problems with iptables dropping some packets that belong to
> > an established/valid connection.
>
> If the kernel is >= 2.6.9 or includes the patch "tcp-window-tracking"
> from the Netfilter patch-o-matic-ng, try to set the kernel parameter
> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal to 1.
> See
> http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-tcp-window-tracking