From: kernel <kernel@nea-fast.com>
To: linux-kernel@vger.kernel.org
Subject: Re: 2.6.9 tcp problems
Date: Mon, 29 Nov 2004 14:44:44 -0500
Message-ID: <41AB7C2C.3070505@nea-fast.com>
Stephen Hemminger wrote:
> On Mon, 29 Nov 2004 13:03:34 -0500
> kernel <kernel@nea-fast.com> wrote:
>
>> I've run into a problem with 2.6.(8.1,9) after installing a secondary
>> firewall. When I try to pull data through the original firewall
>> (mail, http, ssh), it stops after approx. 260k. Running ethereal
>> tells me "A segment before the frame was lost" followed by a bunch
>> of "This is a TCP duplicate ack" when using ssh. All 2.4.x machines
>> and windows clients work fine. I built 2.4.28 and it works fine from
>> my machine. I also fiddled with tcp_ecn and that didn't fix it
>> either. I don't have any problems communicating to "local" machines.
>> I've attached the tcpdump output from an scp attempt. NIC is a 3Com
>> Corporation 3c905B.
>>
>
> What kind of firewall? There are firewalls that are too stupid and don't
> understand TCP window scaling.
>
It's a fortigate 60. We put our secure web servers behind a netscreen 5
firewall which plugs into the fortigate and that's when the problems
started. I remember reading some stuff on lkm about recent tcp changes
but I couldn't remember exactly what it was. Thanks for reminding me!

Here is how it's laid out now:

secure_web_servers->netscreen->fortigate->rest_of_network

Thanks!
walt