IPtables flagging packets invalid, no access


Hi all,

Looking to get some help on an issue I'm having, preventing me from getting a certain new location going. New datacenter, connecting the feed they're providing me to L3 switch. Have not been able to set up a proper iptables firewall in this location (everything is blocked, no access). Only way to access is adding my IP to allow list.

Packets are being flagged as invalid, no reply to [SYN] packets from the server. Not sure if this is what's blocking or not.

This is what most of the blockings are saying:
    kernel: [20604.837769] Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=*MYIP* DST=*SERVERIP* LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=15851 DF PROTO=TCP SPT=61742 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0

Here's the invalid packet:
    kernel: [16708.550424] Firewall: *INVALID* IN=venet0 OUT= MAC= SRC=MYIP DST=SERVERIP LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=12281 DF PROTO=TCP SPT=60992 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

I ran a Wireshark & tcpdump simultaneously to catch client/server side and here was the result:

Client side (my PC):
    77 4.434317000 192.168.2.244 SERVER-IP TCP 66 63866 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

Server side (server tcpdump):
    1 0.000000 MY-ISP-IP SERVER-IP TCP 68 61992 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1452 WS=4 SACK_PERM=1

So the only thing I notice is that the server-side MSS is different than what the client (my PC) sent out. Is this normal, is this what's flagging as invalid?

Basically I'm trying to set up a cPanel server with csf firewall (which uses iptables) but as soon as it's active I get no access, have to log onto VPS node, drop into via 'vzctl enter *' and shutdown iptables.

For hardware I'm using a Nortel Baystack 5510 L3 switch, and I believe that the DC is using a Cisco ASA but I could be wrong.

Any suggestions to the solution here would be greatly appreciated!! :)
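
A parser for the kernel log format quoted in the post above, as an added example that is not part of the original post: it counts entries per firewall log prefix and lists bare SYN packets logged under the INVALID prefix. The sample lines are constructed from the two entries in the post with documentation-range addresses substituted; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the post's two log entries plus one ACK/RST line,
# with placeholder addresses from the documentation ranges.
SAMPLE_LOG = """\
kernel: [20604.837769] Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=203.0.113.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=15851 DF PROTO=TCP SPT=61742 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0
kernel: [16708.550424] Firewall: *INVALID* IN=venet0 OUT= MAC= SRC=203.0.113.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=12281 DF PROTO=TCP SPT=60992 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
kernel: [16709.100000] Firewall: *INVALID* IN=venet0 OUT= MAC= SRC=203.0.113.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=12290 DF PROTO=TCP SPT=60990 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

# The log prefix sits between asterisks, e.g. *INVALID* or *TCP_IN Blocked*.
LINE_RE = re.compile(r"Firewall: \*(?P<tag>[^*]+)\* (?P<rest>.*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_line(line):
    """Split one log line into its prefix tag, KEY=VALUE fields and TCP flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for token in m.group("rest").split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # empty values (OUT=, MAC=) are kept
        elif token in TCP_FLAGS:
            flags.add(token)             # bare words such as DF are ignored
    return {"tag": m.group("tag"), "fields": fields, "flags": flags}


def summarise(log_text):
    """Return (count per prefix, [(src, dport)] of SYN-only INVALID packets)."""
    by_tag, invalid_syn = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_tag[rec["tag"]] += 1
        # A bare SYN is a new connection attempt, not a mid-stream packet.
        if rec["tag"] == "INVALID" and rec["flags"] == {"SYN"}:
            f = rec["fields"]
            invalid_syn.append((f.get("SRC"), int(f.get("DPT", "0"))))
    return by_tag, invalid_syn


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```
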
