As it turns out, the problem goes away if I use old-fashioned
iptables, that is, without connection tracking. Go figure!

The take-home lesson is: do not use connection-tracking iptables behind a
Cisco Firewall Services Module.

Is this just to be accepted as canon, or can somebody actually explain
to me WHY?

best regards,
  Bent


On 10/8/07, Bent Terp <[EMAIL PROTECTED]> wrote:
> The only thing which shows up is that the client starts sending
> duplicate ACKs, getting "Destination unreachable" as a reply from the
> server (not from the Cisco). This happened 220 KB into the transfer in
> this case, but that figure varies quite a bit.
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
