[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Problems with iptables ECN target



Hi list,

I'm having some trouble getting the iptables ECN target to work. There
are a number of mail hosts that we need to deliver to, which are broken
for w.r.t. ECN. Rather than disable ECN altogether on our host, I've
tried to set up an iptables rule for each broken host to remove the ECN
bits from the packets, like so:

  iptables -t mangle -A POSTROUTING -p tcp -d some.broken.host \
	-j ECN --ecn-remove 1

This doesn't seem to have any effect on the packets. The counters show
that the packets are matching this rule ok, but tcpdump/ethereal still
shows the packets as having ECN enabled (and the broken host still
doesn't respond). Can anyone help?

This is on Debian Woody, with kernel 2.4.22 - no modules, all required
options compiled in.

Regards,
Kevin Shanahan.




Reply to: