From: kernel <kernel@nea-fast.com>
To: linux-kernel@vger.kernel.org
Subject: Re: 2.6.9 tcp problems
Date: Mon, 29 Nov 2004 14:44:44 -0500
Message-ID: <41AB7C2C.3070505@nea-fast.com>

Stephen Hemminger wrote:

> On Mon, 29 Nov 2004 13:03:34 -0500
> kernel <kernel@nea-fast.com> wrote:
>
>> I've run into a problem with 2.6.(8.1,9) after installing a secondary 
>> firewall. When I try to pull data through the original firewall 
>> (mail, http, ssh), it stops after approx. 260k. Running ethereal 
>> tells me "A segment before the frame was lost" followed by a bunch 
>> of "This is a TCP duplicate ack" when using ssh. All 2.4.x machines 
>> and windows clients work fine. I built 2.4.28 and it works fine from 
>> my machine. I also fiddled with tcp_ecn and that didn't fix it 
>> either. I don't have any problems communicating to "local" machines. 
>> I've attached the tcpdump output from an scp attempt. NIC is a 3Com 
>> Corporation 3c905B.
>
> What kind of firewall?  There are firewalls that are too stupid and don't
> understand TCP window scaling.

It's a fortigate 60.  We put our secure web servers behind a netscreen 5 
firewall which plugs into the fortigate and that's when the problems 
started.  I remember reading some stuff on lkm about recent tcp changes 
but I couldn't remember exactly what it was. Thanks for reminding me!

Here is how it's laid out now:
secure_web_servers->netscreen->fortigate->rest_of_network

Thanks!
walt

