From: Eric House <fixin@peak.org>
To: user-mode-linux-devel@lists.sourceforge.net
Subject: [uml-devel] Some firewalls require disabling ECN in the UML kernel
Date: Sat, 24 Jul 2004 18:50:32 -0700 [thread overview]
Message-ID: <20040725015031.GN783@peak.org> (raw)
This mail details the solution to a problem I had with UML networking.
My UML instance was able to ping any host on the LAN or internet, but
could only make TCP connections within the LAN. On looking closer I
found that the initial packets were making it from the host to the
router and then to my cable modem but not reaching the internet
server. I was unable to determine whether the cable modem was
dropping them (or why), or whether they were making it further.
Eventually I looked closely at the packets leaving the router, both
for (successful) telnet connections from non-UML hosts and for the
(doomed) attempt from the UML instance. The only difference,
according to tcpdump running on the router, was that the
non-UML-sourced packets had only the S flag set while the UML-sourced
packets had three set: SWE.
The first hit when googling for "tcpdump SWE" is
http://lists.debian.org/debian-user/2001/06/msg01577.html
a page that explains that some commercial firewalls block packets for
which TCP ECN is enabled. And sure enough, the kernel that's part of
Debian's UML package has it enabled. Once I turned it off using the
following command all was well. I'm currently running apt-get to
bring the rootfs up to date.
sysctl -w net.ipv4.tcp_ecn=0
Of course I still don't know where the packets were getting blocked,
but my ActionTek DSL modem is the most likely suspect.
UML rocks! Thanks!
--Eric House
--
******************************************************************************
* From the desktop of: Eric House, fixin@peak.org *
* Crosswords 4.0.6 for PocketPC is out!: <http://xwords.sourceforge.net> *
******************************************************************************
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
next reply other threads:[~2004-07-25 1:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-25 1:50 Eric House [this message]
2004-07-25 5:26 ` [uml-devel] Some firewalls require disabling ECN in the UML kernel William Stearns
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040725015031.GN783@peak.org \
--to=fixin@peak.org \
--cc=user-mode-linux-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.