Damn, I knew it ... I had set this up because of some people doing too many requests on ssh etc. - and because of lazyness I added all port-numbers under one rule - and didn't take it out any more...
Thx for the Hint. I didn't see the forest because of the trees anymore ... Cheers Joerg <quote who="Tom Eastep"> > Joerg Mertin wrote: >> Hi there, >> >> <quote who="Tom Eastep"> >> [...] >>> It most likely means that, for some reason, the packets are not >>> matching >>> either the DNAT rule or an existing conntrack entry. >> >> Well - the funny thing is that Firefox does not have that beheaviour - >> and >> I don't know why. Could it be a portscanning-detection that activates ? > > Shorewall has no portscanning-detection. > > >> http://www.solsys.org/linux/shorewall_dump.txt > > You have a limit on your DNAT rule!!!!!!!!!!!! Anything in excess of the > limit will be rejected in the world2fw chain. IE tends to open more > parallel > connections than Mozilla. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ [EMAIL PROTECTED] > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/_______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- ------------------------------------------------------------------------ | Joerg Mertin : [EMAIL PROTECTED] (Home)| | in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)| | Stardust's LiNUX System : | | Web: http://www.solsys.org | ------------------------------------------------------------------------ PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
