Linux, ECN and old firewalls

• Previous message (by thread): Linux, ECN and old firewalls
• Next message (by thread): Linux, ECN and old firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Bumped into a problem where my firewall was refusing connections from a
>linux machine, found the reason and thought I would share:

saw similar problems around last august (i think) .. hotmail was refusing
connections from one of my linux boxes. a bit of research showed me the
following:

: :http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698)
: :     Bud ID: CSCds23698
: :     Headline: PIX sends RSET in response to tcp connections with ECN
: :   bits set
: :      Product: PIX
: :      Component: fw
: :      Severity: 2 Status: R [Resolved]
: :      Version Found: 5.1(1)
: :      Fixed-in Version: 5.1(2.206) 5.1(2.207)  5.2(1.200)
:
: fixes have been incorporated for a number of different release trains for
: the pix.
:
: Fixed-In Version now covers releases:
:          5.1(2.206), 5.1(2.207), 5.2(1.200), 6.0(0.100), 5.2(3.210)
:
: NB. it has been posted that Raptor filewalls will also apparently fail to
: allow connections with ECN bits set.

the workaround i was using was:
echo "0" >/proc/sys/net/ipv4/tcp_ecn

(though i was kind of pissed i had to even use a workaround and those
sites were being too stubborn to fix their gear).

cheers.
-ken harris.

• Previous message (by thread): Linux, ECN and old firewalls
• Next message (by thread): Linux, ECN and old firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]