similar to: http and smtp connections time out

I think we should add an FAQ entry for tcp_ecn. I remember Tom giving a good description in one of his many responses and there is mention of it in the pptp page, but I could not find the response from Tom about different tcp stacks. Thanks, -- Steve Herber herber@thing.com work: 206-261-0307 Systems Engineer, AMCIS, UoW home: 425-454-2399 ---------- Forwarded message ---------- Date: Sat,

Hello, I'm deploying asterisk on a comtrend mips adsl router, I'm aware of the dependence of libncurses, so I compiled ncurses 5.6 for that platform, As you must Know this devices are not resource wide and flash memory especially, after ncurses compilation I have a /usr/share/terminfo with 1,6 MB space and some other libraries, libmenu libform llibpanel etc, I would like to know if

I am having a problem with connections from a server behind a shorewall firewall. Both machines are running redhat 8.0 with a custom 2.4.20 kernel. The problem lies with a mail server I am configuring which has been able to send mail to all hosts, except this one. The connection starts with the SYN_SENT, and then just hangs there. (telnet to remote server on port 25 just hangs trying to

> -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Monday, May 13, 2002 9:05 AM > To: Steve Herber > Cc: Shorewall Development > Subject: Re: [Shorewall-devel] RE: [Shorewall-users] SMTP outbound > problem (fwd) > > > On Mon, 13 May 2002, Steve Herber wrote: > > > I think we should add an FAQ entry for tcp_ecn. > >

I''ve decided to make a late addition to 1.4.0. A number of you have encountered a problem whereby TCP connections could not be established to certain sites. The solution was to turn of Explicit Congestion Notification (ECN -- RFC 3168). I have added a facility whereby ECN may be turned off on a host or network basis. A new /etc/shorewall/ecn file (format is the same as

Hi ! I''ve a router linux with 3 eths in order to share internet connection: 1:lo 2:eth0-> Internet Connection (DHCP) 3:eth1-> gateway wired hosts -> 192.168.101.254 4:eth2-> gateway wireless hosts -> 192.168.212.254 / 192.168.230.254 / 192.168.210.254 / ... eth2 haves diferents IP Aliasings because it connect to a switch which connect 4 access points (linksys), each

Greetings, Yet another strange pattern of traffic is being halted at the shorewall firewall, but I have no idea what this is. IANA shows the ports unassigned, and a net search yields only some of the same questions - what is this port? There are two machines as SOURCE, on the same class C network, adjacent, even, sending one connect attempt to TCP port 32230 every five minutes. I''m

I'm using a rather strange config, borne out of neccessity rather than choice at home. My internet 'router' is a Win2000 Pro box running Winroute, and my three Linux boxen (running 7.2/8.0/9.0 RH) are networked thru to the Win box using SNAT on the box I work on (don't ask why - it's just pratical, and I can't afford a hub/switch to do this). In any case, it's a

Dear Community, sorry for the somewhat dumb question. Maybe someone has any pointer to how to setup the RED queue to mark pakets with ECN. In particular what are appropriate parameter settings for limit, min, max, etc. All my trials end up with either "RTNETLINK answers: Invalid argument", although the command line (at least for me) looks fine in regard to what is said on the

This is a bug-fix roll-up. Problems corrected since 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when

Hello Tom, I''ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be

Hello, I believe there may be a bug in shorewall version 2.0.8. I''ve been using shorewall for years without problems (last installed version was 1.4.6b-1). I''ve posted previously with the subject line "After upgrade people can no longer connect" dated on Sunday, September 19, 2004 which contains all the information for the upgrade. Today I uninstalled shorewall

Hello, I recently set a new server (a HP Proliant with 2 Quad Xeon 2GHz and 8GB RAM), with a Slackware 13 64Bits, where I installed Xen 4.0, with the kernel 2.6.31.13 (the same for dom0 and for domU), and I set up a virtual mail server from which several people retrieve its mail. When i try to download big files or retrieve big mails from that server, it often start to slow down to 4-5Kb/s

I helped set up a firewall at my brother''s church and we are running shorewall 1.4.6b on a redhat 9 box. Works well. [root@fumcbafw shorewall]# uname -r 2.4.20-19.9 [root@fumcbafw shorewall]# iptables --version iptables v1.2.7a The box also serves as a dhcp server for the church offices and there is one box that apparently still has the old firewall config (zone alarm) on it since it

Hello, This is not really a shorewall problem. But just wanted to check if this problem rang a bell with any of you. I have a linux router with slackware 9.1, and kernel 2.4.27 Everyting works ok except for access to web sites that use akamai from behind the router. >From the router machine itself I can access those sites without problems. But machines behind nat, take forever to access

Clients: Some sites just show the top area not the full page. Some sites cant be reached at all. I think it 90% may be the MTU/MSS problem. But I already have set the shorewall.conf CLAMPMSS=1400 or CLAMPMSS=Yes, but it doest make things good. I would be mad. Anybody helps me would so appreciated! If you want know more info. to diag my problem, I would be please to.

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes

Hi I have a (bizarre) problem with ssh, which someone has suggested may be down to the MSS value being too high. I know that within Shorewall I can clamp the MSS value to the MTU-40 value, but is there a way I can set MSS to a discreet value? I just want to (dis)prove the MSS theory at the moment (I know it isn''t a real fix). Thanks, Keith

Hi all I been looking into the whole code strugture of chan_iax and i see there is a option to specify the refresh rate of registrations: But there is no code to actually load this from the config file thus i changed the setting in chan_so.h, and recompiled. But still my refresh rate is 60 sec. I need to get this down to 15 sec (nat /pat firewall issue) any ideas? thanks Liaan

Aloha! I am new to tinc and I like to figure out my own issues before asking but I am not sure of my next step here. I am not sure if the problem is the VPN configuration or in my network. I will try to be as through as possible. I have two computers that are CentOS with the latest tinc from their respective repositories. Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge