Hi, On Mon 14 Nov 2011 12:57:45 PM CET, Simon James wrote:
The problem seems to arise when the server initiates the close of the connection. In that case, the trace output shows:
1. the FIN from the server passing through the mangle:OUTPUT, filter:OUTPUT and filter:POSTROUTING tables 2. a FIN/ACK from the client arriving and passing through mangle:PREROUTING, mangle:INPUT and filter:INPUT tables 3. a final ACK from the server passing through the mangle:OUTPUT tables but getting no further.
This might be related to a problem we've fixed about a month ago in the upstream kernel: https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h... The fix made it into Linux 3.1. Can you somehow give it a try? (Backporting to your F14 kernel should be fairly trivial, since it's a one-line change in tcp_minisocks.c.) -- KOVACS Krisztian