cwood@wencor.com
2002-Oct-23 17:12 UTC
[Shorewall-users] Remote Web and mail servers timing out?
This may be an ignorant question and maybe a tad off topic....

I installed Shorewall over the weekend (cool software) and I am now seeing two things:
1. (Boeing) mail servers timeout when I try to contact them. (They have multiple servers, all time out.)
2. (www.arinc.com) one web server times out.

These are the only problems I have run into -- I mean with these sites specifically (I also verified that www.arinc.com does work from my house). I've got a ton of other mail and web activity going through just fine. I at first thought that maybe this was because I hadn't opened identd on port 113, so I opened 113 but I still have the same problem. I suspect other mail/web sites are doing this to me as well but haven't been brought to my attention yet.

Is there something else that some small percentage of servers out there are looking for that I'm now blocking?

-=-=-=-=-=-
Chris Wood
801-489-2097
- Wencor - Kitco - Dixie Aerospace
-=-=-=-=-=-
Tom Eastep
2002-Oct-23 17:43 UTC
[Shorewall-users] Remote Web and mail servers timing out?
cwood@wencor.com wrote:
> This may be an ignorant question and maybe a tad off topic....
>
> I installed Shorewall over the weekend (cool software) and I am now seeing
> two things:
> 1. (Boeing) mail servers timeout when I try to contact them. (They have
> multiple servers, all time out.)
> 2. (www.arinc.com) one web server times out.
>
> These are the only problems I have run into -- I mean with these sites
> specifically (I also verified that www.arinc.com does work from my house).
> I've got a ton of other mail and web activity going through just fine. I
> at first thought that maybe this was because I hadn't opened identd on port
> 113, so I opened 113 but I still have the same problem. I suspect other
> mail/web sites are doing this to me as well but haven't been brought to my
> attention yet.
>
> Is there something else that some small percentage of servers out there are
> looking for that I'm now blocking?

If the timeout is occurring on connection, look for ECN problems. On the system that is trying to connect do "echo 0 > /proc/sys/net/ipv4/tcp_ecn".

-Tom

PS -- I did "echo 1 > /proc/sys/net/ipv4/tcp_ecn" and I could no longer connect to www.arinc.com so this sounds like the problem. You need to arrange for ECN to be disabled each time that you boot.

--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
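
The advice above to have ECN disabled on every boot, as an added example that is not part of the original thread: it assumes the host reads boot-time kernel settings from a sysctl configuration file such as /etc/sysctl.conf, written with dotted keys. The helper name `persist_sysctl` is hypothetical, and the demo runs on a constructed temporary file.

```shell
#!/bin/sh
# Added example (not from the thread): persist a sysctl setting idempotently.
#
# persist_sysctl FILE KEY VALUE   (hypothetical helper)
#   - rewrites the first active "KEY = ..." line in FILE to the wanted value
#   - drops later duplicates, so a stale "tcp_ecn = 1" cannot win at boot
#   - leaves commented-out lines alone
#   - appends the setting if FILE did not contain it
persist_sysctl() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    [ -f "$file" ] || : > "$file"
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # ignore leading indentation
            n = index(line, "=")                # key is everything before "="
            k = (n > 0) ? substr(line, 1, n - 1) : ""
            gsub(/[ \t]+$/, "", k)
            if (line !~ /^[#;]/ && k == key) {  # active entry for our key
                if (!done) { print key " = " value; done = 1 }
                next                            # skip duplicates
            }
            print                               # everything else unchanged
        }
        END { if (!done) print key " = " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps FILE owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed file, not the real /etc/sysctl.conf.
demo=$(mktemp)
printf '%s\n' \
    '# constructed sample config' \
    'net.ipv4.ip_forward = 1' \
    'net.ipv4.tcp_ecn = 1' > "$demo"
persist_sysctl "$demo" net.ipv4.tcp_ecn 0
cat "$demo"
rm -f "$demo"
```

On a real host, run it as root against /etc/sysctl.conf and apply the file immediately with `sysctl -p`.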
cwood@wencor.com
2002-Oct-23 18:56 UTC
[Shorewall-users] Remote Web and mail servers timing out?
> If the timeout is occurring on connection, look for ECN problems. On the
> system that is trying to connect do "echo 0 >/proc/sys/net/ipv4/tcp_ecn".
>
> -Tom
>
> PS -- I did "echo 1 > /proc/sys/net/ipv4/tcp_ecn" and I could no longer
> connect to www.arinc.com so this sounds like the problem. You need to
> arrange for ECN to be disabled each time that you boot.

That did it, thanks (again)! I'm not even sure what an ecn is. :) I'm gonna go read up on it.