Re: Kernel network issue with Juniper JUNOS stateful firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 23 Aug 2006, Nicholas Miell wrote:

Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going
to open a case), but what could have changed between Linux kernels
2.6.15 and 2.6.17 that would trigger it?  I'm hoping to narrow this down
somehow to help Juniper find the problem.


IIRC, 2.6.17 had some changes to TCP window scaling which breaks on some
stupid NAT/firewall/load balancing appliances. (And some versions of BSD
pf, apparently.)
FWIW, we experienced breakage with Cisco's IOS Firewall (FTP IP Inspect) in particular. Reducing the window size helped. The issue is being investigated. 

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux