Problem accessing some https sites
Rick Stevens
rstevens at vitalstream.com
Thu Feb 1 23:14:06 UTC 2007
On Thu, 2007-02-01 at 17:48 -0500, Jacques B. wrote:
> > Hi, Jacques and others,
> > I am having a similar problem, but the window scaling didn't fix the
> > issue. As I read the information in the link, I saw that they had ECN
> > disabled. However, I didn't see how or where to do that. Can someone
> > please tell me where that control exists?
> >
> > Regards,
> > Les H
> >
> The best I can offer is this that I found online @ http://www.tux.org/lkml/
>
> # Why does the 2.4 kernel report Connection refused when connecting to
> sites which work fine with earlier kernels?
>
> * (DW) The 2.4 kernel is designed to make your Internet Experience
> more pleasurable. One of the ways in which it does so is by
> implementing Explicit Congestion Notification - a new method defined
> in RFC 3168 for improving TCP performance in the presence of
> congestion by allowing routers to provide an early warning of traffic
> flow problems.
> Unfortunately, there are bugs in some firewall products which
> cause them to reject incoming packets with ECN enabled. If your own
> firewall is broken in this respect, you should check with your vendor
> for a fix.
> If the site to which you cannot connect is not under your
> control, then after you have contacted the administrator of the
> offending site to let them know about their problem, you can disable
> ECN in the 2.4 kernel either by disabling the CONFIG_INET_ECN option
> and recompiling the kernel, or by executing the following command as
> root:
> # echo 0 > /proc/sys/net/ipv4/tcp_ecn
>
> Looks like they are creating a file with a 0 value. But strange that
> it would be a /proc file seeing that is gone on shutdown.

The file is created on boot by the kernel (ever hear of "procfs"?) and
by default contains a "1". Doing the echo replaces the "1" with a "0"
and turns off ECN. If you want to make it permanent, then put an entry
in /etc/sysctl.conf:

    net.ipv4.tcp_ecn = 0

and it'll get set to 0 when sysctl is run via the /etc/rc.d/rc.sysinit
script during startup.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Never test for an error condition you don't know how to handle. -
----------------------------------------------------------------------
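
The runtime-versus-boot distinction described in the message above, as an added example that is not part of the original thread: the script reads the live value and the last net.ipv4.tcp_ecn assignment in a sysctl.conf-style file and reports whether they agree. The function names persisted_sysctl and ecn_state and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the running tcp_ecn value
# with what a sysctl.conf-style file will apply at the next boot.
# persisted_sysctl and ecn_state are hypothetical helper names.

# Print the value file $1 assigns to key $2; the last assignment wins.
persisted_sysctl() {
    conf=$1 key=$2
    [ -r "$conf" ] || return 0
    # Strip leading blanks, drop comment lines (# or ;) and lines without "=".
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$conf" |
    while IFS='=' read -r k v || [ -n "$k" ]; do
        # sysctl accepts net/ipv4/tcp_ecn as well as net.ipv4.tcp_ecn
        k=$(printf '%s' "$k" | tr -d '[:space:]' | tr '/' '.')
        v=$(printf '%s' "$v" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        if [ "$k" = "$key" ]; then printf '%s\n' "$v"; fi
    done | tail -n 1
}

# Compare the live value (procfs path $1) with the persisted one (file $2).
ecn_state() {
    proc=${1:-/proc/sys/net/ipv4/tcp_ecn}
    conf=${2:-/etc/sysctl.conf}
    run=$(cat "$proc" 2>/dev/null) || run=unknown
    boot=$(persisted_sysctl "$conf" net.ipv4.tcp_ecn)
    if [ -z "$boot" ]; then
        echo "runtime=$run persisted=unset (an echo into /proc is lost at reboot)"
    elif [ "$run" = "$boot" ]; then
        echo "runtime=$run persisted=$boot consistent"
    else
        echo "runtime=$run persisted=$boot mismatch"
    fi
}

# Constructed sample: stand-ins for the procfs entry and for sysctl.conf.
demo=$(mktemp -d)
echo 1 > "$demo/tcp_ecn"
printf '# constructed sample\nnet.ipv4.tcp_ecn = 1\nnet/ipv4/tcp_ecn=0\n' > "$demo/sysctl.conf"
ecn_state "$demo/tcp_ecn" "$demo/sysctl.conf"
rm -rf "$demo"
```

Calling ecn_state with no arguments checks /proc/sys/net/ipv4/tcp_ecn against /etc/sysctl.conf on the local machine.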