Re: iptables dropping legitimate packets?

On Thu, 2005-02-24 at 17:54 -0500, Jan Morales wrote:
> The PC is new. 1GB RAM, 3.2GHz P4HT. I never saw this issue on another 
> PC running RHEL3 with 512MB RAM and 1.4GHz P4.
> 
> There's nothing wrong with the iptables file, is there?
> 
> >># Firewall configuration written by redhat-config-securitylevel
> >># Manual customization of this file is not recommended.
> >>*filter
> >>:INPUT ACCEPT [0:0]
> >>:FORWARD ACCEPT [0:0]
> >>:OUTPUT ACCEPT [0:0]
> >>:RH-Firewall-1-INPUT - [0:0]
> >>-A INPUT -j RH-Firewall-1-INPUT
> >>-A FORWARD -j RH-Firewall-1-INPUT
> >>-A RH-Firewall-1-INPUT -i lo -j ACCEPT
> >>-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> >>-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> >>-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
> >>-A RH-Firewall-1-INPUT -j DROP
> >>COMMIT

Remember to post at the bottom of the discussion, not the top.  This
script looks fine.  I think the difference in behavior is caused by the
way that connection tracking works in Fedora, as opposed to RHEL3.  They
may have changed the code in the connection tracking module between
those two releases.  

The packets are dropped because they have a destination IP of
192.168.0.5 and are not being seen as being associated with an
ESTABLISHED connection.  If your outbound services, POP and web
browsing, are operating in a sufficient manner, then I wouldn't worry
about the dropped packets.


Ian 
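
One way to check whether the logged drops are only packets from the POP and web servers that connection tracking no longer matches to an ESTABLISHED connection, as an added example that is not part of the original thread. The log lines are constructed samples in the kernel's LOG format with the ruleset's "iptables: " prefix; the classification rule, the category names and the port-to-service map are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread), in the netfilter LOG
# format with the "iptables: " prefix set by the LOG rule in the quoted ruleset.
SAMPLE_LOG = """\
Feb 24 17:40:01 host kernel: iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.10 DST=192.168.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=33012 WINDOW=0 RES=0x00 ACK FIN URGP=0
Feb 24 17:40:07 host kernel: iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.25 DST=192.168.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=110 DPT=33020 WINDOW=0 RES=0x00 RST URGP=0
Feb 24 17:41:15 host kernel: iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.168.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4411 DF PROTO=TCP SPT=40112 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 17:42:02 host kernel: iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.168.0.1 DST=192.168.0.5 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
# Assumption: the outbound services named in the thread, keyed by server port.
CLIENT_SERVICES = {80: "web", 110: "pop3"}

def parse(line, prefix="iptables: "):
    """Return the LOG fields plus a 'FLAGS' set, or None if the prefix is absent."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    pkt = dict(FIELD.findall(body))            # KEY=VALUE tokens
    pkt["FLAGS"] = TCP_FLAGS & set(body.split())  # bare tokens such as ACK, FIN
    return pkt

def classify(pkt):
    """Heuristic (assumption): separate reply-shaped drops from unsolicited ones."""
    if pkt.get("PROTO") == "TCP":
        if pkt["FLAGS"] == {"SYN"}:
            return "new-inbound"               # fresh connection attempt, DROP is intended
        svc = CLIENT_SERVICES.get(int(pkt.get("SPT", 0)))
        if svc and pkt["FLAGS"] & {"ACK", "FIN", "RST"}:
            return "untracked-reply-" + svc    # server packet with no ESTABLISHED match
    return "other"

def summarize(text):
    """Count dropped packets per category across all prefixed log lines."""
    packets = filter(None, map(parse, text.splitlines()))
    return Counter(classify(p) for p in packets)

if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {category}")
```

If nearly everything falls under the untracked-reply categories while POP and browsing still work, the drops match the situation described above; a large "new-inbound" or "other" count is what deserves a closer look.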

