On Sat, Feb 22, 2003 at 08:21:47PM +0000, Sam Halliday wrote:
> hi there,
>
> i am having trouble viewing one particular website under my current
> firewall setup... (www.talk21.com)
My first thought would be this is an ECN problem. Indeed, without
changes I get connection refused as well. With this rule it works:
iptables -t mangle -A POSTROUTING -o ${PUBINT} -p tcp -d 62.172.192.30 --match ecn --ecn-ip-ect 0 -j ECN --ecn-tcp-remove
Be aware that current released kernels don't have this working. You'll
need a patch:
http://www.netfilter.org/documentation/pomlist/pom-submitted.html#07_ECN-tcpchecksum-littleendian-fix
HTH,
-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
Attachment:
pgp00345.pgp
Description: PGP signature
