nanog mailing list archives
Linux, ECN and old firewalls
From: Lee Watterworth <lwatterworth () rim net>
Date: Fri, 27 Apr 2001 15:53:17 -0400
Hello all, Bumped into a problem where my firewall was refusing connections from a linux machine, found the reason and thought I would share: ============================== CONFIG_INET_ECN: Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime. Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl.
Current thread:
- Linux, ECN and old firewalls Lee Watterworth (Apr 27)
- Re: Linux, ECN and old firewalls ken harris. (Apr 29)
- Re: Linux, ECN and old firewalls Jason Slagle (Apr 29)
- The PIX isn't 'broken' ( was Re: Linux, ECN and old firewalls ) Roland Dobbins (Apr 29)
- Re: The PIX isn't 'broken' ( was Re: Linux, ECN and old firewalls ) Roland Dobbins (Apr 29)
- Re: Linux, ECN and old firewalls Jason Slagle (Apr 29)
- Re: Linux, ECN and old firewalls ken harris. (Apr 29)