Our 2.4.20 and 2.4.21 kernels come with ECN compiled in (and ON by default).

If you are having problems connecting to remote machines from inside your Linode, and the remote machine doesn't return pings, it might be behind an old firewall that doesn't do ECN. Do this to turn it off:

echo 0 > /proc/sys/net/ipv4/tcp_ecn

You can add that to a startup script to disable ECN on boot.

==============================
CONFIG_INET_ECN:

  Explicit Congestion Notification (ECN) allows routers to notify
  clients about network congestion, resulting in fewer dropped packets
  and increased network performance. This option adds ECN support to
  the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn)
  which allows ECN support to be disabled at runtime.

  Note that, on the Internet, there are many broken firewalls which
  refuse connections from ECN-enabled machines, and it may be a while
  before these firewalls are fixed. Until then, to access a site behind
  such a firewall (some of which are major sites, at the time of this
  writing) you will have to disable this option, either by saying N now
  or by using the sysctl. 

Shot out to David Coulson for some help - thanks!

-Chris

Firewalls are we protected already or should i install one.

I am not trying to blast you guys with all the stupid quesions at once.


bootcamp
thanks

Hi,

It is up to you to install your own firewall.

Adam

Do you know if we are already behind any kind of protection so I dont have to waste my time trying to figure out the firewall process.

As far as i know there is no protection.

If you need help setting up a firewall, come to the IRC chan, I am sure someone there can help you.

Adam

You_Wish - what distro are you running? If it's RH9 small let me know and I'll give you a very quick and easy-install guide for APF (the firewall).

ya mine is rh8 small that is the one that i could find that would run my version of unrealircd with my crazy setups.