: Iptables Blocks Out Going Connetion Some Times

Home » CentOS » : Iptables Blocks Out Going Connetion Some Times
CentOS No Comments

Yes, I have double checked and am sure there is no IP address conflicts.

Likun

the same problem from time to time, most of time they are good. storage server, so not much data flowing at this time. addressing conflicts in play?

Iptables Blocks Out Going Connetion Some Times

Home » CentOS » Iptables Blocks Out Going Connetion Some Times

One thought on - Iptables Blocks Out Going Connetion Some Times

  • I believe you are saying both 10.3.3.3 and 10.3.3.4 have this same firewall but I am not sure.

    had something extra tagged NONE tagged in it [S.]. Do the packets which don’t trigger an ICMP return contain a [SA] or a [S.] ?

    My guess is that something in that return packet is making the cstate not be NEW or ESTABLISHED and so it is failing down to the drop. If the packets which are accepted look the same then I would look to see if the conntrack table is overflowing.. if the memory is tight and the traffic is high, streams will get pushed out and you will get similar failures. That however usally puts something in dmesg when it happens. Sorry I don’t have a better answer and I am looking forward to someone correcting my mistakes here :).


    Stephen J Smoogen.