Re: Problems with iptables ECN target
On Mon, 2003-11-10 at 12:00, Kevin Shanahan wrote:
> Rather than disable ECN altogether on our host, I've
> tried to set up an iptables rule for each broken host to remove the ECN
> bits from the packets, like so:
>
> iptables -t mangle -A POSTROUTING -p tcp -d some.broken.host \
> -j ECN --ecn-remove 1
>
> This doesn't seem to have any effect on the packets.
Ok, I figured it out. With iptables 1.2.6a included in woody, the
--remove-ecn option only removes the ecn bit from the ip header, not the
tcp header. I recompiled v1.2.9 from sid and it now works perfectly.
Sorry for the noise.
Regards,
Kevin.
Reply to: