On Tue, Jun 12, 2001 at 03:42:13PM +0200, Alwyn Schoeman wrote:
> Hi,
>
> I have this problem where my box cannot talk through a pix firewall which
> allows everything through, but can talk to any box on the local network. On
> closer investigation with tcpdump it appears that it initiates tcp
> communication using flags SWE (WE is unknown to me). Local machines tend to
> ignore that, but I think the pix doesn't. I get an RWE back and then nothing
> happens....
>
> Anyone know how this can be fixed?

Your post is a bit short on details, so here's a shot in the dark ...

Are you running kernel 2.4.x? If so, _and_ you have TCP ECN enabled,
that's the problem.

How to check?

# sysctl net.ipv4.tcp_ecn

1 means on.

How to fix?

Short term:
# sysctl -w net.ipv4.tcp_ecn=0

Long term:
Get the ECN patch from Cisco for the PIX and upgrade.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED]       |   -- Patton
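
Added example, not part of the original thread: the W and E in the tcpdump output are the CWR and ECE bits from RFC 3168, and a SYN carrying both is an ECN-setup SYN. The sketch below decodes the flag byte of a raw TCP header and classifies how the path answered such a SYN; the function names, ports and header values are constructed for illustration.

```python
import struct
from typing import Optional

# TCP flag bits (byte 13 of the header) with tcpdump's one-letter codes.
# W (CWR) and E (ECE) are the two ECN bits from RFC 3168; "." is ACK.
FLAGS = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"),
         (0x80, "W"), (0x40, "E"), (0x20, "U"), (0x10, ".")]

def make_header(flag_bits: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flag bits."""
    # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flag_bits, 5840, 0, 0)

def tcp_flags(header: bytes) -> str:
    """Decode the flag byte of a raw TCP header into tcpdump-style letters."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return "".join(letter for mask, letter in FLAGS if header[13] & mask)

def diagnose(syn: bytes, reply: Optional[bytes]) -> str:
    """Classify how the path reacted to an opening SYN (reply=None: no answer)."""
    sent = set(tcp_flags(syn))
    if not ({"S", "W", "E"} <= sent and "." not in sent):
        return "not-ecn-syn"            # ordinary SYN, ECN not requested
    if reply is None:
        return "ecn-syn-dropped"        # silently discarded on the path
    got = set(tcp_flags(reply))
    if "R" in got:
        return "ecn-syn-reset"          # the SWE -> RWE case in this thread
    if {"S", ".", "E"} <= got and "W" not in got:
        return "ecn-accepted"           # ECN-setup SYN-ACK
    return "ecn-declined"               # any other reply, e.g. a plain SYN-ACK

if __name__ == "__main__":
    # Constructed samples: SYN+ECE+CWR out, RST+ECE+CWR back.
    syn, rst = make_header(0xC2), make_header(0xC4)
    print(tcp_flags(syn), "->", tcp_flags(rst), ":", diagnose(syn, rst))
```

A result of ecn-syn-reset or ecn-syn-dropped toward hosts behind one device, while local hosts answer normally, points at that device rather than at the sending box.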