Re: iptables in 2.4.10, 2.4.11pre6 problems

From: Jeffrey W. Baker (
Date: Tue Oct 09 2001 - 13:31:28 EST

On 9 Oct 2001, Trever L. Adams wrote:

> On Tue, 2001-10-09 at 13:07, Jeffrey W. Baker wrote:
> > I see this too. iptables is refusing packets on locally-initiated TCP
> > connections when the RELATED,ESTABLISHED rule should be letting them
> > through.
> >
> > I mentioned this problem on the netfilter list but my message fell into
> > a black hole and was apparently beyond the horizon of the developers.
> >
> > -jwb
> Maybe I misunderstand you, define locally-initiated. Do you mean net or
> do you mean box? Mine happens on connections made by the firewall
> (proxy for web) and on other connections initiated internally. We
> currently only allow identd and a few others from external (identd is
> spoofed more or less).

I mean connections originating from userland processes running on the
machine with iptables configured. This machine does not act as a NAT or
router for any other machine.

We make about 200000 outbound connections to web sites in a day. Of these
connections, a few thousand get fucked up by iptables (iptables suddenly
decides to drop packets on this connection).



This archive was generated by hypermail 2b29 : Mon Oct 15 2001 - 21:00:26 EST