Linux, ECN and old firewalls
Lee Watterworth
lwatterworth at rim.net
Fri Apr 27 19:53:17 UTC 2001
Hello all,
Bumped into a problem where my firewall was refusing connections from a
Linux machine, found the reason and thought I would share:
==============================
CONFIG_INET_ECN:
Explicit Congestion Notification (ECN) allows routers to notify
clients about network congestion, resulting in fewer dropped packets
and increased network performance. This option adds ECN support to
the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn)
which allows ECN support to be disabled at runtime.

Note that, on the Internet, there are many broken firewalls which
refuse connections from ECN-enabled machines, and it may be a while
before these firewalls are fixed. Until then, to access a site behind
such a firewall (some of which are major sites, at the time of this
writing) you will have to disable this option, either by saying N now
or by using the sysctl.
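
To tell from a packet capture whether a refused connection matches the ECN problem described in the help text above, the following added example (not part of the original post or the kernel documentation) classifies TCP headers by their ECN negotiation flags. It assumes the RFC 3168 flag layout (ECE = 0x40, CWR = 0x80 in the TCP flags byte) and that a refusing firewall either silently drops or resets the SYN; the function names and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header); ECE and CWR are defined by RFC 3168.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
ECE, CWR = 0x40, 0x80


def build_tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a constructed 20-byte TCP header (checksum left at 0) as sample input."""
    offset_reserved = 5 << 4  # data offset = 5 words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_reserved, flags, 65535, 0, 0)


def classify_segment(tcp_header):
    """Label a TCP segment by its role in ECN negotiation."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    flags = tcp_header[13]
    if flags & RST:
        return "rst"
    if flags & SYN and not flags & ACK:
        # ECN-setup SYN: SYN with both ECE and CWR set.
        return "ecn-setup-syn" if flags & ECE and flags & CWR else "plain-syn"
    if flags & SYN and flags & ACK:
        # ECN-setup SYN-ACK: ECE set, CWR clear.
        return "ecn-setup-synack" if flags & ECE and not flags & CWR else "plain-synack"
    return "other"


def diagnose(client_syn, reply):
    """Interpret one connection attempt; reply is None when nothing came back."""
    if classify_segment(client_syn) != "ecn-setup-syn":
        return "client did not request ECN; look elsewhere"
    if reply is None:
        return "ECN SYN unanswered; retry with tcp_ecn=0 to confirm"
    answer = classify_segment(reply)
    if answer == "rst":
        return "ECN SYN reset; retry with tcp_ecn=0 to confirm"
    if answer == "ecn-setup-synack":
        return "ECN negotiated"
    return "peer declined ECN; connection proceeds without it"
```

If the same destination answers normally after writing 0 to /proc/sys/net/ipv4/tcp_ecn, the device in the path is rejecting the ECN flag bits rather than the connection itself.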