NOTE, this is a RH 7.1 problem fundamentally, but I'm mentioning it here
because the compiled kernels provided by the SGI guys in the 1.0.1 release
masked this problem by (I think) not being compiled with the config
files provided.

If this problem has been mentioned before and I just haven't noticed
it, then sorry for the wasted bandwidth. ;)

The kernel config files for the update to kernel 2.4.3-12 in RH 7.1 (as
well as the XFS 1.0.1 release) have the "CONFIG_NET_ECN" option enabled
("Explicit Congestion Notification"), which marks the SYN packets of
TCP connections in a way that causes some machines to simply refuse all
connections from a Linux box configured in this way.

The comment on the configuration parameter claims this is just "some
firewalls" that won't work with it, and that is not true. I have had this
problem with both at least one firewall product and several other
machines refusing telnet and web connections.

The most confusing thing was this only was happening on the newer
kernels I was compiling myself, using the normal "make oldconfig", etc.
sequence from the config files provided in the kernel sources dir so I
kept as much else the same as possible.

I tore my hair out for a bit until I figured out what was happening
via tcpdump and realized what option was causing the problem, and
more to the point, the pre-compiled kernels provided by the SGI
guys don't seem to correspond to the config files provided...

So, for those who care about TCP/IP compatibility and are compiling
your own kernels, I suggest you remove this option from your
config.

--
Erich Stefan Boleyn <erich@xxxxxxxx> http://www.uruk.org/
"Reality is truly stranger than fiction; Probably why fiction is so popular"
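
Added example (not part of the original message or of any project's code): a Python check that classifies a raw IPv4 packet as an ECN-setup SYN, the marking the message describes, by testing the ECE and CWR bits of the TCP flags byte as defined in RFC 3168. The names `classify_syn` and `build_syn`, the addresses and the sample packets are constructed for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header). ECE and CWR were carved out of
# the formerly reserved field by RFC 3168; devices that insist the old
# reserved bits are zero may reject a SYN that carries them.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def classify_syn(packet: bytes) -> str:
    """Return 'ecn-setup-syn', 'plain-syn' or 'not-syn' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20:
        raise ValueError("bad IP header length")
    if packet[9] != 6:                     # protocol 6 = TCP
        return "not-syn"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                        # later fragments carry no TCP header
        return "not-syn"
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    flags = tcp[13]
    if not (flags & SYN) or (flags & ACK):  # only the initial SYN matters here
        return "not-syn"
    if (flags & ECE) and (flags & CWR):     # RFC 3168 ECN-setup SYN
        return "ecn-setup-syn"
    return "plain-syn"


def build_syn(flags: int) -> bytes:
    """Constructed sample: minimal IPv4+TCP packet, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 23, 1000, 0, 5 << 4, flags,
                      5840, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    for label, flags in [("ECN enabled", SYN | ECE | CWR), ("ECN off", SYN)]:
        print(f"{label}: {classify_syn(build_syn(flags))}")
```
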