Re: need iptables rule to turn off ecn on a firewall

To: debian-firewall@lists.debian.org
Subject: Re: need iptables rule to turn off ecn on a firewall
From: Tarragon Allen <melange@n12turbo.com>
Date: Fri, 2 May 2003 16:04:22 +1000
Message-id: <[🔎] 200305021604.22142.melange@n12turbo.com>
In-reply-to: <[🔎] 3EB200E4.8070401@hanaden.com>
References: <[🔎] 3EB200E4.8070401@hanaden.com>

On Fri, 2 May 2003 03:23 pm, Hanasaki JiJi wrote:
> The internal network has ECN on.  A few ports are NATed going out.  Is
> there an iptables rule that will turn off ECN as ports are going out
> through the firewall?

Haven't actually done this myself, but it's definitely possible according to 
the iptables man page :
===
   ECN
       This target allows to selectively work around known ECN blackholes.  It 
can only be used in the mangle  table.

       --ecn-tcp-remove
              Remove all ECN bits from the TCP header.  Of course, it can only 
be used in conjunction with -p tcp.
===
Something like:

iptables -t mangle -I FORWARD -o $EXTERNAL_INTERFACE -p tcp --ecn-tcp-remove

(untested, but looks right to me)

t
-- 
GPG : http://n12turbo.com/tarragon/public.key

Reply to:

Follow-Ups:
- Re: need iptables rule to turn off ecn on a firewall
  - From: Hanasaki JiJi <hanasaki@hanaden.com>

References:
- need iptables rule to turn off ecn on a firewall
  - From: Hanasaki JiJi <hanasaki@hanaden.com>

Prev by Date: need iptables rule to turn off ecn on a firewall
Next by Date: Re: need iptables rule to turn off ecn on a firewall
Previous by thread: need iptables rule to turn off ecn on a firewall
Next by thread: Re: need iptables rule to turn off ecn on a firewall
Index(es):
- Date
- Thread