Re: need iptables rule to turn off ecn on a firewall
I have used -t nat -j MASQ quite a bit and have read a lot on the -t
mangle without gaining as much comprehension as I would like, and need.
Is the -t mangle used as a replacement for -t nat -j MASQ? In
conjunction with it? ... What would need to be done to augment/replace
my current rule that does iptables -t nat -A POSTROUTING -j MASQ... ?
Tarragon Allen wrote:
On Fri, 2 May 2003 03:23 pm, Hanasaki JiJi wrote:
The internal network has ECN on. A few ports are NATed going out. Is
there an iptables rule that will turn off ECN as ports are going out
through the firewall?
Haven't actually done this myself, but it's definitely possible according to
the iptables man page :
ECN
This target allows to selectively work around known ECN blackholes. It
can only be used in the mangle table.
--ecn-tcp-remove
Remove all ECN bits from the TCP header. Of course, it can only
be used in conjunction with -p tcp.
iptables -t mangle -I FORWARD -o $EXTERNAL_INTERFACE -p tcp -j ECN --ecn-tcp-remove
(untested, but looks right to me)
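As an added example that is not part of the thread above, the script below shows how the mangle-table ECN rule sits beside the existing nat MASQUERADE rule rather than replacing it: a packet leaving through the external interface traverses mangle FORWARD first and nat POSTROUTING afterwards, so both rules apply independently. The interface name eth0, the --apply flag and the check_rules helper are assumptions of this example. The ECN target needs -j ECN in front of --ecn-tcp-remove, exists only in the mangle table, and requires -p tcp; the OUTPUT rule is added because packets generated by the firewall itself never pass through FORWARD.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints (or, with --apply,
# executes) the nat MASQUERADE rule together with the mangle-table ECN rule.
# Interface name "eth0" and the --apply flag are assumptions for this example.

EXT_IF="${EXT_IF:-eth0}"   # assumed external interface name

# Emit the rules as commands instead of running them, so they can be reviewed
# and tested on a host without root or without iptables installed.
ecn_rules() {
    ext="$1"
    # Existing NAT rule from the thread, with the full target name
    # (MASQ is shorthand for MASQUERADE). Lives in the nat table.
    echo "iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE"
    # Strip the ECN bits from forwarded TCP packets leaving via $ext.
    # The ECN target only exists in the mangle table and requires -p tcp.
    echo "iptables -t mangle -A FORWARD -o $ext -p tcp -j ECN --ecn-tcp-remove"
    # Locally generated traffic from the firewall itself does not traverse
    # FORWARD; it goes through mangle OUTPUT instead.
    echo "iptables -t mangle -A OUTPUT -o $ext -p tcp -j ECN --ecn-tcp-remove"
}

# Sanity check for a rule list read from stdin: every rule that uses the ECN
# target must be in the mangle table and must carry -p tcp, otherwise
# iptables rejects it at load time.
check_rules() {
    ecn_ok=1
    while IFS= read -r rule; do
        case "$rule" in
            *"-j ECN"*)
                case "$rule" in
                    *"-t mangle"*"-p tcp"*) ;;
                    *) ecn_ok=0 ;;
                esac ;;
        esac
    done
    [ "$ecn_ok" -eq 1 ]
}

if [ "$1" = "--apply" ]; then
    # Must run as root: execute each generated rule in turn.
    ecn_rules "$EXT_IF" | while IFS= read -r rule; do $rule; done
else
    ecn_rules "$EXT_IF"
fi
```

The thread's rule uses -I to insert at the top of mangle FORWARD; -A appends, which is fine as long as no earlier rule in that chain accepts the traffic first. Because -p tcp without further matches clears ECE/CWR on every forwarded TCP segment, ECN is effectively disabled for all connections that leave through that interface, which is the intended effect of a blackhole workaround.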