
Re: Cannot Connect to some website on linux



On Mon, 2003-07-28 at 00:43, Ron Johnson wrote:
<---SNIP--->
> # cat /proc/sys/net/ipv4/tcp_ecn
> 1
> 
> When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get 
> to thatpetplace either.  However, I could, after I did this, and
> then restarted Mozilla:
> # echo "0" > /proc/sys/net/ipv4/tcp_ecn
> # cat /proc/sys/net/ipv4/tcp_ecn
> 0
> 
> Make sure to reenable tcp_ecn when you're finished!
> 
> # echo "1" > /proc/sys/net/ipv4/tcp_ecn
> # cat /proc/sys/net/ipv4/tcp_ecn
> 1

Ron, as of this writing, 12:55AM EDT, I will have to disagree with you
about turning tcp_ecn back on. For about the next 2 years at least.

You see, Windoze Boxen interpret the ECN Bit as a spoofing attempt.
Snort on Windows sends an alert... Most routers respect the bit, but
"lame firewalls" like Checkpoint and their ilk also reject those packets
with that bit set.

Try and go to Office Depot Commercial Service over https... watch it
BARF. I had a HUGE Squid Cache, 100GB of cache, 4GB of Memory on an IBM
Netfinity... same Problem: Helpdesk kept getting Phone calls that they
can't get to this and such websites... If they turned off the proxy and
used the straight connect, No Probs. If they used the Proxy, no go.

I argued and "vehemently discussed" the situation with the Website
operator... everyone said NOBODY ELSE is calling about it... Well, 
Office Depot stood a good chance of losing my organization over this
single little problem they wouldn't budge on. My President called their
President... amazingly it was changed; within minutes my user could
connect.

Very little luck with website admins who have "drunk the Microsoft
Kool-Aid" (I know drank is right but drunk gets the point across
better) stating they are using "Industry Standards" and so on...

Well, overall ECN is a great way to make the Internet "self-regulate"
and of course the biggest obstacle is M$ products. But for quite a while
yet, defaulting it to OFF is a good thing.
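
An added example, not part of the original message: a Python sketch that decodes the TCP flag byte to tell an ECN-setup SYN (ECE and CWR both set, per RFC 3168) from a plain SYN, then compares the replies to each to spot the "works with tcp_ecn=0, fails with tcp_ecn=1" pattern described in this thread. The helper names and the sample headers are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793, RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def make_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header (sample data, not a capture)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

def tcp_flags(segment):
    """Return the flags byte of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset_reserved, flags = struct.unpack_from("!BB", segment, 12)
    if (offset_reserved >> 4) < 5:
        raise ValueError("invalid data offset")
    return flags

def classify(segment):
    """Classify a handshake segment by its role in ECN negotiation."""
    f = tcp_flags(segment)
    if f & RST:
        return "rst"
    if f & SYN and not f & ACK:
        # ECN-setup SYN: both ECE and CWR set (what tcp_ecn=1 sends).
        return "ecn-setup-syn" if f & ECE and f & CWR else "plain-syn"
    if f & SYN and f & ACK:
        # ECN-setup SYN-ACK: ECE set, CWR clear.
        return "ecn-setup-synack" if f & ECE and not f & CWR else "plain-synack"
    return "other"

def diagnose(ecn_replies, plain_replies):
    """Compare replies to an ECN-setup SYN and to a plain SYN for one host.

    Each argument is a list of raw TCP headers; an empty list means a timeout.
    """
    ecn = [classify(s) for s in ecn_replies]
    plain = [classify(s) for s in plain_replies]
    ecn_ok = any(c.endswith("synack") for c in ecn)
    plain_ok = any(c.endswith("synack") for c in plain)
    if plain_ok and not ecn_ok:
        # The path answers plain SYNs but not ECN-setup SYNs.
        return "ecn-blocked-rst" if "rst" in ecn else "ecn-blocked-drop"
    if plain_ok and ecn_ok:
        return "ecn-negotiated" if "ecn-setup-synack" in ecn else "ecn-ignored"
    return "inconclusive"

if __name__ == "__main__":
    synack = make_header(SYN | ACK)
    print(classify(make_header(SYN | ECE | CWR)))
    print(diagnose([], [synack]))
    print(diagnose([make_header(RST | ACK)], [synack]))
```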


