[CentOS] File retrieval from outside hangs, internally is okay, only Centos5 affected

Bent Terp bent at nagstrup.dk
Tue Oct 9 14:19:06 UTC 2007

As it turns out, the problem goes away if I use old-fashioned
iptables, that is, without connection tracking. Go figure!

The take-home lesson is: do not use connection-tracking iptables behind a
Cisco Firewall Service Module.

Is this just to be accepted as canon, or can somebody actually explain
to me WHY?

best regards,

On 10/8/07, Bent Terp <bent at nagstrup.dk> wrote:
> The only thing which shows up is that the client starts sending
> duplicate ACKs, getting "Destination unreachable" as reply from the
> server (not from the Cisco). This happened 220 KB into the transfer in
> this case, but that figure varies quite a bit.

