Linode Forum
https://forum.linode.com/

Problems connecting to machines behind firewalls
https://forum.linode.com/viewtopic.php?f=19&t=178		 Page 1 of 1
Author:  caker [ Mon Jun 30, 2003 9:56 pm ]
Post subject:  Problems connecting to machines behind firewalls
Our 2.4.20 and 2.4.21 kernels come with ECN compiled in (and ON by default).

If you are having problems connecting to remote machines from inside your Linode, and the remote machine doesn't return pings, it might be behind an old firewall that doesn't do ECN. Do this to turn it off:

echo 0 > /proc/sys/net/ipv4/tcp_ecn

You can add that to a startup script to disable ECN on boot.

Code:
==============================
CONFIG_INET_ECN:

  Explicit Congestion Notification (ECN) allows routers to notify
  clients about network congestion, resulting in fewer dropped packets
  and increased network performance. This option adds ECN support to
  the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn)
  which allows ECN support to be disabled at runtime.

  Note that, on the Internet, there are many broken firewalls which
  refuse connections from ECN-enabled machines, and it may be a while
  before these firewalls are fixed. Until then, to access a site behind
  such a firewall (some of which are major sites, at the time of this
  writing) you will have to disable this option, either by saying N now
  or by using the sysctl.


Shot out to David Coulson for some help - thanks!

-Chris
Author:  You_Wish [ Wed Nov 12, 2003 10:33 pm ]
Post subject:  Firewalls are we protected already or should i install one
Firewalls are we protected already or should i install one.

I am not trying to blast you guys with all the stupid quesions at once.


bootcamp
thanks
Author:  adamgent [ Thu Nov 13, 2003 3:44 am ]
Post subject: 
Hi,

It is up to you to install your own firewall.

Adam
Author:  You_Wish [ Thu Nov 13, 2003 10:50 am ]
Post subject: 
Do you know if we are already behind any kind of protection so I dont have to waste my time trying to figure out the firewall process.
Author:  adamgent [ Thu Nov 13, 2003 11:17 am ]
Post subject: 
As far as i know there is no protection.

If you need help setting up a firewall, come to the IRC chan, I am sure someone there can help you.

Adam
Author:  Quik [ Thu Nov 13, 2003 2:19 pm ]
Post subject: 
You_Wish - what distro are you running? If it's RH9 small let me know and I'll give you a very quick and easy-install guide for APF (the firewall).
Author:  You_Wish [ Thu Nov 13, 2003 3:45 pm ]
Post subject: 
ya mine is rh8 small that is the one that i could find that would run my version of unrealircd with my crazy setups.
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/