FX30 ignores SYNACK

My FX30 is unable to complete a TCP connection over the rmnet0 interface. In tcpdump+Wireshark I see the gateway send SYN, I see the server respond with SYNACK, but the gateway never sends the final ACK. Instead it retransmits SYN after a delay of 1, then 2, then 4 seconds.

ICMP works fine
DNS works fine
TCP works fine on usb0
Latency to google.com is between 410 and 420 ms
Release 13 firmware works fine on my Mangoh Green
I’ve swapped SIM cards between the FX30 and Magnoh Green

Any ideas?

Solved it - I thought I’d checked iptables against the Mangoh Green, but as described in the user’s guide,

Mangoh gets rules from /etc/iptables/rules.v4
FX30 ignores /etc/iptables/rules.v4 and instead uses /etc/iptables.rules

So I needed to allow incoming responses to established connections:

sed “s/-A INPUT -i rmnet0 -j DROP/-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n&/” -i /etc/iptables.rules ; reboot