Re: www.edirectory.co.uk -> TCP stack problem?
From: Christopher K. Johnson (ckjohnson_at_gwi.net)
Date: 09/29/04
- Previous message: ne...: "Re: FC1 Users: Sample yum.conf for Fedora Legacy Updates"
- In reply to: Douglas Furlong: "www.edirectory.co.uk -> TCP stack problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Sep 2004 07:47:51 -0400 To: For users of Fedora Core releases <fedora-list@redhat.com>
Douglas Furlong wrote:
>Good morning All.
>
>I've recently noticed an odd problem with accessing www.edirectory.co.uk
>
>On all of my FC2 machines here, we recently stopped being able to access
>the above site. Via Firefox, Mozilla, elinks. All of them fail saying
>document contains no data.
>
>I have used tcpdump host www.edirectory.co.uk both on the client and
>firewall to try and get a better idea of what is going on, and I used
>ethereal on the client. Below is what I get.
>
>Firewall
>--------
>11:11:27.584098 192.168.0.181.34506 > www.edirectory.co.uk.http: S
>1062279754:1062279754(0) win 5840 <mss 1460,sackOK,timestamp 62570253
>0,nop,wscale 7> (DF)
>11:11:27.605934 www.edirectory.co.uk.http > 192.168.0.181.34506: S
>4164346285:4164346285(0) ack 1062279755 win 17520 <mss 1460,nop,wscale
>0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
>11:11:27.606108 192.168.0.181.34506 > www.edirectory.co.uk.http: . ack 1
>win 46 <nop,nop,timestamp 62570275 0> (DF)
>11:11:27.606482 192.168.0.181.34506 > www.edirectory.co.uk.http: P 1:452
>(451) ack 1 win 46 <nop,nop,timestamp 62570275 0> (DF)
>11:11:27.828597 192.168.0.181.34506 > www.edirectory.co.uk.http: P 1:452
>(451) ack 1 win 46 <nop,nop,timestamp 62570497 0> (DF)
>11:11:27.864180 www.edirectory.co.uk.http > 192.168.0.181.34506: . ack
>452 win 17069 <nop,nop,timestamp 11171953 62570497> (DF)
>
>Client
>------
>11:03:33.441591 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: S
>1062279754:1062279754(0) win 5840 <mss 1460,sackOK,timestamp 62570253
>0,nop,wscale 7>
>11:03:33.463543 IP www.edirectory.co.uk.http > 192.168.0.181.34506: S
>4164346285:4164346285(0) ack 1062279755 win 17520 <mss 1460,nop,wscale
>0,nop,nop,timestamp 0 0,nop,nop,sackOK>
>11:03:33.463604 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: .
>ack 1 win 46 <nop,nop,timestamp 62570275 0>
>11:03:33.463836 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: P
>1:452(451) ack 1 win 46 <nop,nop,timestamp 62570275 0>
>11:03:33.684898 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: P
>1:452(451) ack 1 win 46 <nop,nop,timestamp 62570497 0>
>11:03:33.721780 IP www.edirectory.co.uk.http > 192.168.0.181.34506: .
>ack 452 win 17069 <nop,nop,timestamp 11171953 62570497>
>
>Ethereal Output (attached).
>
>I am currently running kernel 2.6.8-1.521
>
>We have tested access to the site on both windows and FC1 fully updated
>and the site comes up fine.
>
>The ethereal output seems to suggest that it feels the TCP sequence is
>"wrong", and the two tcpdump outputs heavily suggest there is a problem
>on our end.
>
>So far I have tried the following kernels, which allow me to access the
>site.
>2.6.5-1.358
>2.6.6-1.427
>2.6.6-1.435
>2.6.6-1.435.2.1
>2.6.6-1.435.2.3
>2.6.8-1.541
>
>So far I have tried the following kernels, which do NOT allow me to
>access the site.
>2.6.7-1.494.2.2
>2.6.8-1.521
>
>
>
I see that window scaling is involved. Try adding the following two
entries, to /etc/sysctl.conf (2nd one for wscale):
-------- Start /etc/sysctl.conf additions ------
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0
# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0
-------- End /etc/sysctl.conf additions ------
Then activate the change:
sysctl -p
Chris
-- ----------------------------------------------------------- "Spend less! Do more! Go Open Source..." -- Dirigo.net Chris Johnson, RHCE #807000448202021 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
- Previous message: ne...: "Re: FC1 Users: Sample yum.conf for Fedora Legacy Updates"
- In reply to: Douglas Furlong: "www.edirectory.co.uk -> TCP stack problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
