Strange Problem in 2.4.0

Strange Problem in 2.4.0

Post by Konstantinos Agour » Mon, 29 Jan 2001 19:09:28



Hello,

I have a very strange problem in 2.4.0. To make it short since I upgraded
I can't reach www.amazon.de anymore (I tried it using telnet to port 80).
All I see in the tcpdump are syn-requests and no packets returning.
Going back to 2.2.18 I get a connect. Interestingly enough www.amazon.fr which
is in the same net (one is .16 the other .17) has the same problem.
Is it possible that by default a flag in the tcp-header is set differently
and this might cause amazon's firewall to block me out? I can reach amazon.com
though.

The Linux-Machine is connected via ISDN. I have ipchains-filter-rules in
place in compatibility-mode but even after removing them I had no luck.

Konstantin
--

Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not sustain the forming of the cosmos." B'Elana Torres

 
 
 

Strange Problem in 2.4.0

Post by Bernd Eckenfel » Mon, 29 Jan 2001 22:03:27



> I have a very strange problem in 2.4.0. To make it short since I upgraded
> I can't reach www.amazon.de anymore (I tried it using telnet to port 80).
> All I see in the tcpdump are syn-requests and no packets returning.

You have configured your kernel, most likely without reading the help for the
options. Just turn off ECN or recompile your kernel:

echo 0 > /proc/sys/net/ipv4/tcp_ecn

CONFIG_INET_ECN
  Explicit Congestion Notification (ECN) allows routers to notify
  clients about network congestion, resulting in fewer dropped packets
  and increased network performance. This option adds ECN support to the
  Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which
  allows ECN support to be disabled at runtime.

  Note that, on the Internet, there are many broken firewalls which
  refuse connections from ECN-enabled machines, and it may be a while
  before these firewalls are fixed. Until then, to access a site behind
  such a firewall (some of which are major sites, at the time of this
  writing) you will have to disable this option, either by saying N now
  or by using the sysctl.

  If in doubt, say N.

Greetings
Bernd