Hi Krisztian, --- KOVACS Krisztian <hidden@balabit.hu> wrote:
Thanks for the detailed problem report... This seems to be a quite tough problem, and a very curious interaction between different parts of Netfilter. At the moment I do not have any better ideas than checking IPS_TPROXY, but I hope that the problem can be investigated in more detail on the Netfilter workshop.
Just FYI, we did try checking IPS_TPROXY at the point where do_extra_mangle() is called, but it seems like, at that point, the flag has not yet been set in the conntrack record, so it didn't work out. Thanks for your reply and anything you can come up with at the workshop! Tim _______________________________ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush