and lives under the floor tiles.
This machine runs Ubuntu Server 9.10 and acts as the lab's NATing firewall. All of this is done with an iptables script. This was a real upgrade, and network performance improved noticeably. Unfortunately, we would occasionally get dropped connections. This was most noticeable when logging in from outside using ssh, where after a few seconds the connection would be dropped with the error message
"connection reset by peer". It would also happen sometimes when downloading large files over HTTP.
After putting up with this for a few months, we spent an afternoon hunting it down. The problem seems to be traceable to a Cisco router in our university network that does something it's not supposed to. In short, the Linux iptables/conntrack TCP implementation adheres a little too strictly to the standards, and was closing a connection whenever the Cisco router sent it something not completely kosher. Since there was no hope of changing the way the Cisco router works, we found that this little gem takes care of the problem:
echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
Voila. Problem solved.
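To confirm what conntrack is rejecting before loosening it, and to keep the setting across reboots, here is an added shell example (not code from the original post). It assumes the classic /proc path used above plus the newer nf_conntrack path on later kernels, and it prints the iptables logging rules instead of applying them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the original post. Helpers for the conntrack
# "be liberal" fix described above: read the current value, generate logging
# rules to see what conntrack is rejecting, and persist the setting.

# Print the current value of the knob. Tries the classic 2.6-era path used in
# the post, then the newer nf_conntrack path. $1 (assumed, for testing)
# overrides the file to read.
conntrack_be_liberal_value() {
    f="${1:-}"
    if [ -z "$f" ]; then
        for cand in /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal \
                    /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal; do
            if [ -r "$cand" ]; then f="$cand"; break; fi
        done
    fi
    if [ ! -r "$f" ]; then
        echo "conntrack knob not found (module not loaded?)" >&2
        return 1
    fi
    tr -d '[:space:]' < "$f"
}

# Before loosening the tracker, see what it is rejecting: segments conntrack
# considers INVALID (out-of-window ones included) get logged, rate-limited,
# instead of being dropped silently. The commands are printed, not executed,
# so the change to the ruleset can be reviewed first.
invalid_logging_rules() {
    for chain in INPUT FORWARD; do
        echo "iptables -I $chain 1 -m state --state INVALID -m limit --limit 5/min" \
             "-j LOG --log-prefix 'conntrack INVALID: '"
    done
}

# sysctl.d fragment so the fix survives a reboot; the echo into /proc does not.
# Caveat: with be_liberal=1 conntrack marks only out-of-window RST segments
# INVALID, so the window check no longer catches other out-of-window segments.
persist_fragment() {
    key="${1:-net.ipv4.netfilter.ip_conntrack_tcp_be_liberal}"
    printf '# Tolerate out-of-window TCP segments from the upstream router\n'
    printf '%s = 1\n' "$key"
}
```

Write the fragment to a file under /etc/sysctl.d/ (the key is net.netfilter.nf_conntrack_tcp_be_liberal on kernels without the ipv4 compat path) and load it with sysctl -p.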