
Re: Network problem, box sending tcp flags SWE on SYN.....

On Tue, Jun 12, 2001 at 03:42:13PM +0200, Alwyn Schoeman wrote:
> Hi,
> I have this problem where my box cannot talk through a pix firewall which 
> allows everything through, but can talk to any box on the local network.  On 
> closer investigation with tcpdump it appears that it initiates tcp 
> communication using flags SWE (WE is unknown to me).  Local machines tend to 
> ignore that, but I think the pix doesn't.  I get an RWE back and then nothing 
> happens....
> Anyone know how this can be fixed?

Your post is a bit short on details, so here's a shot in the dark ...

Are you running kernel 2.4.x?  If so, _and_ you have TCP ECN enabled,
that's the problem.

How to check?

  # sysctl net.ipv4.tcp_ecn

1 means on.

How to fix? Short term:

  # sysctl -w net.ipv4.tcp_ecn=0

Long term: Get the ECN patch from Cisco for the PIX and upgrade.

Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton
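
As an added example (not part of the original post): in tcpdump's flag letters, W and E are the two ECN bits from RFC 3168, CWR and ECE, and a SYN carrying both is how a host with `net.ipv4.tcp_ecn=1` requests ECN. The sketch below decodes the flags byte of constructed TCP headers; the function names, ports and sequence numbers are assumptions made for illustration.

```python
import struct

# TCP flag bits (byte 13 of the header). ECE and CWR are the RFC 3168 ECN bits.
FIN, SYN, RST, PSH, ACK, ECE, CWR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x40, 0x80

# Letter order is chosen to reproduce the strings quoted in the thread (SWE, RWE).
LETTERS = [(SYN, "S"), (FIN, "F"), (RST, "R"), (PSH, "P"), (CWR, "W"), (ECE, "E")]


def build_header(sport, dport, seq, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 5840, 0, 0)


def tcp_flags(header):
    """Return the flags byte from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def flag_letters(flags):
    """Render the flag bits as tcpdump-style letters ('.' when none apply)."""
    return "".join(letter for bit, letter in LETTERS if flags & bit) or "."


def classify(flags):
    """Label the segment types relevant to the ECN symptom in the thread."""
    ecn = flags & (ECE | CWR)
    if flags & SYN and not flags & ACK:
        return "ECN-setup SYN" if ecn == (ECE | CWR) else "plain SYN"
    if flags & RST:
        return "RST carrying ECN bits" if ecn else "RST"
    return "other"


# Constructed sample segments (ports and sequence numbers are made up).
SAMPLES = {
    "ecn_syn": build_header(1025, 80, 1000, SYN | ECE | CWR),
    "rst_reply": build_header(80, 1025, 0, RST | ECE | CWR),
    "plain_syn": build_header(1026, 80, 2000, SYN),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        f = tcp_flags(hdr)
        print(f"{name:10} flags=0x{f:02x} tcpdump={flag_letters(f):4} {classify(f)}")
```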
