search for: ip_conntrack_tcp_loose

...ter connection tracking is dropping them as invalid. You can see if that is happening by echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid modprobe ipt_LOG If you see packets being logged (they are logged on any console), then you can try manipulating /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose and ip_conntrack_tcp_be_liberal. I''ve taken a quick look and didn''t find the documentation for those so you''ll have to do the Google search. The Shorewall-generated netfilter ruleset can also silently drop packets through it''s ''Default Actions''...

Hi, I''ve been developing a peer-to-peer application, and have recently been trying to add STUNT (http://www.cis.nctu.edu.tw/~gis87577/xDreaming/XSTUNT/Docs/XSTUNT%20Ref erence.htm) to allow firewall/NAT traversal. I got a box with Shorewall to use for testing, and am now trying to work out whether Shorewall is actually designed to prevent such connections? I notice in the FAQs that

I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric