On Mon, 2003-07-28 at 00:43, Ron Johnson wrote: <---SNIP---> > # cat /proc/sys/net/ipv4/tcp_ecn > 1 > > When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get > to thatpetplace either. However, I could, after I did this, and > then restarted Mozilla: > # echo "0" > /proc/sys/net/ipv4/tcp_ecn > # cat /proc/sys/net/ipv4/tcp_ecn > 0 > > Make sure to reenable tcp_ecn when you're finished! > > # echo "1" > /proc/sys/net/ipv4/tcp_ecn > # cat /proc/sys/net/ipv4/tcp_ecn > 1
Ron, as of this writing, 12:55AM EDT, I will have to disagree with you about turning tcp_ecn back on. For about the next 2 years at least. You see, Windoze Boxen interpret the ECN Bit as a spoofing attempt. Snort on Windows sends an alert... Most router respect the bit, but "lame firewalls" like Checkpoint and thier ilk also reject those packets with that bit set. Try and goto Office Depot Commercial Service over https... watch it BARF. I had a HUGE Squid Cache 100GB of cache, 4GB of Memory on an IBM Netfinity... same Problem Helpdesk kept getting Phone calls that they can't get to this and such websites... If they turned of the proxy and used the straight connect. No Probs. If they used the Proxy no go. I argued and "vehemently discussed" the situation with the Website operator... everyone said NOBODY ELSE is calling about it... Well, Office Depot stood a good chance at losing my organization over this single little problem they wouldn't budge on. My President called thier President... amazingly it was changed, within minutes my user could connect. Very little luck with website admins whom have "drunk the Microsoft Kool-Aid" (I know drank is right but drunk get's the point across better) stating they are using "Industry Standards" and so on... Well, overall ECN is a great way to make the Internet "self-regulate" and of course the biggest obstacle is M$ products. But for quite a while yet, defaulting it to OFF is a good thing. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
