[37021] in North American Network Operators' Group
The PIX isn't 'broken' ( was Re: Linux, ECN and old firewalls )
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Sun Apr 29 21:53:30 2001
Message-ID: <3AECC5F8.6261A57E@netmore.net>
Date: Sun, 29 Apr 2001 18:55:04 -0700
From: Roland Dobbins <rdobbins@netmore.net>
Reply-To: rdobbins@netmore.net
MIME-Version: 1.0
To: Jason Slagle <raistlin@tacorp.net>
Cc: "ken harris." <ken@boii.com>,
Lee Watterworth <lwatterworth@rim.net>, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
The PIX isn't 'broken'. It was fixed some time ago. It's just that
some folks don't want to take the time to upgrde their devices.
This same issue applies to older releases of LocalDirector code, as
well. Again, Cisco fixed the problem with alacrity; again, some folks
just don't perform timely upgrades.
Jason Slagle wrote:
>
> Several other higher profile sites (yahoo comes to mind) were doing the
> same thing until I also turned that option off.
>
> I have a feeling it's not only the pix that is broken in this respect.
>
> Jason
>
> --
> Jason Slagle - CCNP - CCDP
> Network Administrator - Toledo Internet Access - Toledo Ohio
> - raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172
> /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> \ / ASCII Ribbon Campaign . If dreams are like movies then memories
> X - NO HTML/RTF in e-mail . are films about ghosts..
> / \ - NO Word docs in e-mail . - Adam Duritz - Counting Crows
>
> On Sun, 29 Apr 2001, ken harris. wrote:
>
> > >Bumped into a problem where my firewall was refusing connections from a
> > >linux machine, found the reason and thought I would share:
> >
> > saw similar problems around last august (i think) .. hotmail was refusing
> > connections from one of my linux boxes. a bit of research showed me the
> > following:
> >
> > the workaround i was using was:
> > echo "0" >/proc/sys/net/ipv4/tcp_ecn
> >
> > (though i was kind of pissed i had to even use a workaround and those
> > sites were being too stubborn to fix their gear).
--
------------------------------------------------------------
Roland Dobbins <rdobbins@netmore.net> // 408.859.4137 voice
