Re: Problems with iptables ECN target

To: debian-firewall@lists.debian.org
Subject: Re: Problems with iptables ECN target
From: Kevin Shanahan <kmshanah@ucwb.org.au>
Date: 10 Nov 2003 13:33:10 +1030
Message-id: <[🔎] 1068433390.578.21.camel@arakasi>
In-reply-to: <[🔎] 1068427819.578.11.camel@arakasi>
References: <[🔎] 1068427819.578.11.camel@arakasi>

On Mon, 2003-11-10 at 12:00, Kevin Shanahan wrote:
> Rather than disable ECN altogether on our host, I've
> tried to set up an iptables rule for each broken host to remove the ECN
> bits from the packets, like so:
> 
>   iptables -t mangle -A POSTROUTING -p tcp -d some.broken.host \
> 	-j ECN --ecn-remove 1
> 
> This doesn't seem to have any effect on the packets.

Ok, I figured it out. With iptables 1.2.6a included in woody, the
--remove-ecn option only removes the ecn bit from the ip header, not the
tcp header. I recompiled v1.2.9 from sid and it now works perfectly.
Sorry for the noise.

Regards,
Kevin.

Reply to:

References:
- Problems with iptables ECN target
  - From: Kevin Shanahan <kmshanah@ucwb.org.au>

Prev by Date: Problems with iptables ECN target
Next by Date: Re: Logging
Previous by thread: Problems with iptables ECN target
Next by thread: iptables applied only on 'main' kernel routing table?
Index(es):
- Date
- Thread