I guess lwIP could get a hint and recover (quite) faster if it got RST for response instead of silence. Try without the firewall in between. Nevertherless, can you please post a capture file so we can get the whole picture ? I think you have a memory hog problem and you need to detect/recover at application level.
Without the firewall everything is alright, but I want my server to be able to cope with such situations, meaning that other connections should not be affected. I will provide a Wireshark capture as soon as I can reproduce the issue.
I attempt to recover at application level by closing the stale connection, but it seems that the socket still survives the close() call, as I could still see retransmissions in Wireshark.
Is there another way to recover from this case without relying on a RST from the peer? I would be fine with lower the retransmission timeout, but I don't know how to do that.
Daniel