Displaying 3 results from an estimated 3 matches for "ip_conntrack_tcp_loose".
2007 Mar 26
0
Re: Expected handling of [SYN] when expecting[SYN, ACK]?
...ter connection tracking is
dropping them as invalid. You can see if that is happening by
echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
modprobe ipt_LOG
If you see packets being logged (they are logged on any console), then
you can try manipulating
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose and
ip_conntrack_tcp_be_liberal.
I''ve taken a quick look and didn''t find the documentation for those so
you''ll have to do the Google search.
The Shorewall-generated netfilter ruleset can also silently drop packets
through it''s ''Default Actions''...
2007 Mar 23
1
Expected handling of [SYN] when expecting [SYN, ACK]?
Hi,
I''ve been developing a peer-to-peer application, and have recently been
trying to add STUNT
(http://www.cis.nctu.edu.tw/~gis87577/xDreaming/XSTUNT/Docs/XSTUNT%20Ref
erence.htm) to allow firewall/NAT traversal. I got a box with Shorewall
to use for testing, and am now trying to work out whether Shorewall is
actually designed to prevent such connections? I notice in the FAQs that
2007 Apr 10
2
policy routing with two shorewalls
I have, for the time being, decided to split my dual ISP/single
shorewall connection into two shorewall connections/boxes, each handling
one ISP.
I am running OSPF in the network and so far things are working out
fairly well (from a client of the two gateways).
$ ip route ls
10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20
192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric