Hi! I have found the following log entry in my firewall log (I'm running RedHat 7.3 with iptables for firewalling and masquerading):
Jul 8 22:25:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=207.171.169.16 DST=213.225.41.145 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21031 DF PROTO=TCP SPT=80 DPT=42111 WINDOW=8760 RES=0x00 ACK RST URGP=0

The thing is that this is an answer from a website (SPT=80) I surfed on (www.amazon.de) - but my forward chain should detect it as an existing connection and let it through:

    #echo " FWD: Allow all connections OUT and only existing and related ones IN"
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
    $IPTABLES -A FORWARD -j LOG

I can access this website and everything works fine, I just don't understand why a few packets get blocked at my firewall and not routed through! Is this a bug in the conntrack module?

Btw: What do the ACK and RST flags mean? Where can I find some info about the existing flags?

Thanks so far!

Patrick
--
http://www.petermair.com
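A small parser for the netfilter LOG format shown in the post, added here as an example and not part of the original message. In these kernel log lines the key=value tokens are the IP and TCP header fields, and the bare words that follow RES= are the TCP header flags: ACK means the acknowledgement number is valid, RST means the sender is aborting the connection. A packet carrying ACK RST from source port 80 is the server tearing down a connection that the browser has already finished with; once the connection's conntrack entry has been removed, such a straggler no longer matches ESTABLISHED,RELATED and falls through to the LOG rule. The code below extracts the fields and flags from each line and labels why a packet might have reached the LOG rule; the sample lines after the first are constructed for illustration, and the labels are my own heuristic names, not anything from iptables.

```python
import re
from collections import Counter

# Constructed sample log: the first line is the one quoted in the post, the
# other two are made up to show an unsolicited SYN and a non-TCP packet.
SAMPLE_LOG = """\
Jul 8 22:25:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=207.171.169.16 DST=213.225.41.145 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21031 DF PROTO=TCP SPT=80 DPT=42111 WINDOW=8760 RES=0x00 ACK RST URGP=0
Jul 8 22:30:02 wormhole kernel: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=213.225.41.145 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4 DF PROTO=TCP SPT=3421 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 8 22:31:15 wormhole kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=213.225.41.145 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=53 DPT=32811 LEN=40
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
IP_BARE_TOKENS = {"DF", "MF", "CE"}   # bare IP-level tokens, not TCP flags


def parse_log_line(line):
    """Parse one netfilter LOG line into a dict of header fields.

    key=value tokens become string entries; bare tokens after RES= are
    collected into the 'flags' set; bare IP tokens such as DF become True.
    Returns None for lines that are not kernel log entries.
    """
    m = re.search(r"kernel:\s*(.*)$", line)
    if not m:
        return None
    entry = {"flags": set()}
    for tok in m.group(1).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # UDP lines repeat LEN for the UDP header; keep the IP-level value.
            if key not in entry:
                entry[key] = value
        elif tok in TCP_FLAGS:
            entry["flags"].add(tok)
        elif tok in IP_BARE_TOKENS:
            entry[tok] = True
    return entry


def classify(entry):
    """Heuristic label for why a packet fell through to the LOG rule."""
    if entry is None or entry.get("PROTO") != "TCP":
        return "non-tcp"
    flags = entry["flags"]
    if "RST" in flags:
        # Reset for a connection conntrack no longer knows about (the
        # ACK RST from port 80 in the post is this case).
        return "reset-without-state"
    if "SYN" in flags and "ACK" not in flags:
        # Nobody inside asked for this: a fresh inbound connection attempt.
        return "new-connection-attempt"
    if "FIN" in flags:
        return "fin-without-state"
    if flags == {"ACK"}:
        return "ack-without-state"
    return "other"


def triage(log_text):
    """Return (SRC, SPT, DPT, label) for every parsable line in log_text."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is None:
            continue
        rows.append((entry.get("SRC"), entry.get("SPT"), entry.get("DPT"),
                     classify(entry)))
    return rows


def summarize(log_text):
    """Count how many logged packets fall into each label."""
    return Counter(label for _, _, _, label in triage(log_text))


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
    print(dict(summarize(SAMPLE_LOG)))
```

Run over a real log, the counts from summarize() separate the harmless reset-without-state stragglers from the new-connection-attempt lines, which are the ones worth looking at when checking what is actually knocking on the external interface.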
