On Mon, 29 Nov 2004, kernel wrote:
> I've run into a problem with 2.6.(8.1,9) after installing a secondary
> firewall. When I try to pull data through the original firewall (mail,
> http, ssh), it stops after approx. 260k. Running ethereal tells me "A
> segment before the frame was lost" followed by a bunch of "This is a
> TCP duplicate ack" when using ssh. All 2.4.x machines and windows
> clients work fine. I built 2.4.28 and it works fine from my machine. I
> also fiddled with tcp_ecn and that didn't fix it either. I don't have
> any problems communicating to "local" machines. I've attached the
> tcpdump output from an scp attempt. NIC is a 3Com Corporation 3c905B.
Try `echo 0 > /proc/sys/net/ipv4/tcp_window_scaling'. If this makes it
work, it's almost certainly a buggy firewall.
Also, tcpdumps are far more useful if they are binary (tcpdump -w) and
capture the beginning of the connection.
-John
|