Could my problem of getting connection denied from all
hosts outside a firewall be caused by
CONFIG_INET_ECN=y
in the cooker version of 2.4.7-14mdk?
I read the following from the help-text:
CONFIG_INET_ECN:
Explicit Congestion Notification (ECN) allows routers to notify
clients about network congestion, resulting in fewer dropped packets
and increased network performance. This option adds ECN support to the
Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which
allows ECN support to be disabled at runtime.
Note that, on the Internet, there are many broken firewalls which
refuse connections from ECN-enabled machines, and it may be a while
before these firewalls are fixed. Until then, to access a site behind
such a firewall (some of which are major sites, at the time of this
writing) you will have to disable this option, either by saying N now
or by using the sysctl.
If in doubt, say N.
Any comments are appreciated.
-- Bjarne
Bjarne Thomsen wrote:
>
> Hello Juergen,
>
> I have experienced something related (or maybe the same).
>
> I installed the the binary kernel-2.4.7-13mdk from the cooker,
> after having upgraded the packages relating to ext3.
>
> I also whanted to see if a reiserfs file system now could
> be mounted correctly on an SGI machine (2.4.3 had problems with that).
>
> Everything went well at first.
> (a) Yes, reiserfs partitions can now be mounted correctly by NFS.
> (b) Yes, ext3 journaling now seems to work.
> (c) I can connect to computers on our local net by ssh, ftp, and http.
> (d) I can correctly ping and traceroute systems outside our firewall.
> (e) The same kernel works fine on my home-PC via a ppp connection.
>
> But! I cannot login via ssh, make an ftp connection, or look at
> a web page outside our local network at our institute.
> I get the message: connection denied.
>
> Then I reinstalled kernel-2.2.19-15mdk, and everything worked again.
>
> To all you system administrators out there: Any ideas would be welcome.
>
> Best regards,
>
> Dr Bjarne Thomsen
> Institute of Physics and Astronomy
> Aarhus, Denmark
>
> Juergen Hammelmann wrote:
> >
> > Hello Julia,
> >
> > traceroute is ok, I can reach www.adac.de, but the connection to the
> > webserver is refused with kernel 2.4.7, several releases from mandrake-devel,
> > 3mdk, 7mdk, and now 13mdk!
> > But the same configuration of by box running kernel 2.2.19, there is no
> > problem to connect to www.adac.de with and without firewall.
> >
> > Very Strange! Maybe one kernel option? I use the default from the
> > mandrake-devel...
> >
> > Ciao, J�rgen
> > --
> > email: [EMAIL PROTECTED] address: J. Hammelmann, Br�hlstr. 6
> > phone: +49-7034-61578, +49-179-2178869 D-71157 Hildrizhausen, Germany
> > fax: +49-7034-652189
> > www: http://www.mathematik.uni-stuttgart.de/~hammelje
S/MIME Cryptographic Signature
