* 2.6.9 tcp problems
@ 2004-11-29 18:03 kernel
2004-11-30 6:43 ` Willy Tarreau
2004-11-30 15:44 ` John Heffner
0 siblings, 2 replies; 3+ messages in thread
From: kernel @ 2004-11-29 18:03 UTC (permalink / raw)
To: netdev; +Cc: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 648 bytes --]
I've run into a problem with 2.6.(8.1,9) after installing a secondary
firewall. When I try to pull data through the original firewall (mail,
http, ssh), it stops after approx. 260k. Running ethereal tells me "A
segment before the frame was lost" followed by a bunch of "This is a
TCP duplicate ack" when using ssh. All 2.4.x machines and windows
clients work fine. I built 2.4.28 and it works fine from my machine. I
also fiddled with tcp_ecn and that didn't fix it either. I don't have
any problems communicating to "local" machines. I've attached the
tcpdump output from an scp attempt. NIC is a 3Com Corporation 3c905B.
Thanks !
walt
[-- Attachment #2: dump.txt.gz --]
[-- Type: application/x-gzip, Size: 1165 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: 2.6.9 tcp problems
2004-11-29 18:03 2.6.9 tcp problems kernel
@ 2004-11-30 6:43 ` Willy Tarreau
2004-11-30 15:44 ` John Heffner
1 sibling, 0 replies; 3+ messages in thread
From: Willy Tarreau @ 2004-11-30 6:43 UTC (permalink / raw)
To: kernel; +Cc: netdev, linux-kernel
It is possible that the autoneg code has changed between 2.4 and 2.6
for the interface connected to the current firewall, and that you lose
packets because of a duplex mismatch. Please check the negociation
with ethtool on your system, and do so on the other firewall.
Regards,
willy
On Mon, Nov 29, 2004 at 01:03:34PM -0500, kernel wrote:
> I've run into a problem with 2.6.(8.1,9) after installing a secondary
> firewall. When I try to pull data through the original firewall (mail,
> http, ssh), it stops after approx. 260k. Running ethereal tells me "A
> segment before the frame was lost" followed by a bunch of "This is a
> TCP duplicate ack" when using ssh. All 2.4.x machines and windows
> clients work fine. I built 2.4.28 and it works fine from my machine. I
> also fiddled with tcp_ecn and that didn't fix it either. I don't have
> any problems communicating to "local" machines. I've attached the
> tcpdump output from an scp attempt. NIC is a 3Com Corporation 3c905B.
>
> Thanks !
> walt
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: 2.6.9 tcp problems
2004-11-29 18:03 2.6.9 tcp problems kernel
2004-11-30 6:43 ` Willy Tarreau
@ 2004-11-30 15:44 ` John Heffner
1 sibling, 0 replies; 3+ messages in thread
From: John Heffner @ 2004-11-30 15:44 UTC (permalink / raw)
To: kernel; +Cc: netdev, linux-kernel
On Mon, 29 Nov 2004, kernel wrote:
> I've run into a problem with 2.6.(8.1,9) after installing a secondary
> firewall. When I try to pull data through the original firewall (mail,
> http, ssh), it stops after approx. 260k. Running ethereal tells me "A
> segment before the frame was lost" followed by a bunch of "This is a
> TCP duplicate ack" when using ssh. All 2.4.x machines and windows
> clients work fine. I built 2.4.28 and it works fine from my machine. I
> also fiddled with tcp_ecn and that didn't fix it either. I don't have
> any problems communicating to "local" machines. I've attached the
> tcpdump output from an scp attempt. NIC is a 3Com Corporation 3c905B.
Try `echo 0 > /proc/sys/net/ipv4/tcp_window_scaling'. If this makes it
work, it's almost certainly a buggy firewall.
Also, tcpdumps are far more useful if they are binary (tcpdump -w) and
capture the beginning of the connection.
-John
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-11-30 15:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-11-29 18:03 2.6.9 tcp problems kernel
2004-11-30 6:43 ` Willy Tarreau
2004-11-30 15:44 ` John Heffner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).