On Friday 13 April 2007 16:31 you wrote:
> There are a few conntrack helpers around: FTP, IRC, H323, SIP, etc.
Clearly, but of these, I use only FTP, if any.
> The very first step to me is reliably reproducing your issue.
This is what I tried in the meantime. The result (obtained manually by means of
a telnet client while an ssh session was established in the opposite
direction) is completely negative: netfilter actually turns down reverse-directed
packets even if the RELATED state is configured as acceptable.
It's somewhat hard to admit, but for truth's sake: I must have misinterpreted
an unusual Windows firewall log entry. Under certain conditions, most probably
when the loading of a web page is interrupted somehow, the receiving socket
is already shut down while the server still continues sending. Apparently
because the Windows firewall had started blocking the socket's associated
port, it drops a message which roughly reads:
"2007-0X-0X 09:XX:XX DROP TCP 193.227.146.1 192.168.XXX.XXX 80 1369 XXXX A
XXXX XXX - - - RECEIVE"
I probably -- I don't have the old logs around -- saw only the DROP, a known
server's source address and port number 80. But this actually was the source
port, and the local destination port was the number behind it: the port which
had been closed shortly before. Sorry for any inconvenience.
Best Regards
Hugo Mildenberger
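The misreading above (taking the first port of a RECEIVE line for the local port) is easy to make, because the Windows firewall logs each packet as it appears on the wire: for RECEIVE entries the remote side is src-ip/src-port and the local side is dst-ip/dst-port, for SEND entries the reverse. The parser below is an added example, not code from this thread or from Microsoft; it assumes the `#Fields:` layout that pfirewall.log writes in its header (date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, size, tcpflags, tcpsyn, tcpack, tcpwin, icmptype, icmpcode, info, path) and uses constructed sample lines with placeholder addresses. It tells apart a late ACK-only segment from a known server to a local port that was already closed (the case described in the message) from a genuine inbound connection attempt (a SYN to a local service port).

```python
"""Classify Windows Firewall (pfirewall.log) DROP lines by direction.

Added example; field layout and sample lines are assumptions/constructed,
not taken from the mailing-list message or from any real log.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Field order written by Windows Firewall in its "#Fields:" header (assumed).
DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
                  "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample log. Addresses and ports are placeholders.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-04-13 09:12:01 DROP TCP 193.227.146.1 192.168.1.10 80 1369 1500 A 0 0 0 - - - RECEIVE
2007-04-13 09:12:05 DROP TCP 198.51.100.7 192.168.1.10 44321 445 48 S 0 0 0 - - - RECEIVE
2007-04-13 09:12:09 OPEN TCP 192.168.1.10 193.227.146.1 1370 80 0 - 0 0 0 - - - SEND
2007-04-13 09:12:11 DROP UDP 192.168.1.1 192.168.1.10 67 68 328 - - - - - - - RECEIVE
"""


@dataclass(frozen=True)
class Entry:
    action: str
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: int      # -1 when the field is "-" (e.g. ICMP)
    dst_port: int
    tcpflags: str      # letters such as "S", "A", "AS", "AF"; "-" for non-TCP
    path: str          # "RECEIVE" or "SEND"
    raw: str


def _to_port(value: str) -> int:
    return int(value) if value.isdigit() else -1


def parse_log(text: str) -> List[Entry]:
    """Parse pfirewall.log text, honouring a '#Fields:' header if present."""
    fields = list(DEFAULT_FIELDS)
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue
        tokens = line.split()
        if len(tokens) < 8:           # not enough columns to reach dst-port
            continue
        rec: Dict[str, str] = dict(zip(fields, tokens))
        entries.append(Entry(
            action=rec.get("action", "-"), protocol=rec.get("protocol", "-"),
            src_ip=rec.get("src-ip", "-"), dst_ip=rec.get("dst-ip", "-"),
            src_port=_to_port(rec.get("src-port", "-")),
            dst_port=_to_port(rec.get("dst-port", "-")),
            tcpflags=rec.get("tcpflags", "-"), path=rec.get("path", "-"), raw=line))
    return entries


def local_port(e: Entry) -> int:
    """The port on this host: dst-port for RECEIVE lines, src-port for SEND lines."""
    return e.dst_port if e.path == "RECEIVE" else e.src_port


def remote_port(e: Entry) -> int:
    return e.src_port if e.path == "RECEIVE" else e.dst_port


def classify(e: Entry, known_servers: FrozenSet[str] = frozenset()) -> str:
    """Label a log entry; only inbound TCP DROPs get a specific verdict."""
    if e.action != "DROP":
        return "not_a_drop"
    if e.protocol != "TCP" or e.path != "RECEIVE":
        return "other_drop"
    syn, ack = "S" in e.tcpflags, "A" in e.tcpflags
    if syn and not ack:
        # A bare SYN: someone is trying to open a connection to local_port(e).
        return "inbound_connection_attempt"
    from_server = e.src_ip in known_servers or (remote_port(e) < 1024 <= local_port(e))
    if ack and not syn and from_server:
        # Data/ACK from a server's service port to a local ephemeral port:
        # the server is still sending to a socket this host already closed.
        return "late_reply_from_server"
    return "other_drop"


def summarize(text: str, known_servers: FrozenSet[str] = frozenset()) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in parse_log(text):
        label = classify(e, known_servers)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    servers = frozenset({"193.227.146.1"})
    for entry in parse_log(SAMPLE_LOG):
        print(f"{classify(entry, servers):28s} local port {local_port(entry):>5}  {entry.raw}")
    print(summarize(SAMPLE_LOG, servers))
```

Running it on the sample shows the first DROP as a late reply from the known server to local port 1369 (remote port 80), while the second DROP is a real connection attempt to local port 445; passing a `known_servers` set avoids relying on the rough "service port below 1024" heuristic.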