Damian-Grint, Philip wrote:
> It is a weird one... all our machines (500 or so) are behind the same
> transparent firewall (Guardian 4).. I have the linux/squid box and the
> proxied Win2k box at my desk, and I can type echo 1 >
> /proc/sys/net/ipv4/tcp_timestamps at the Linux box and type in
> www.marasystems.com on the win2k box ... nothing doing... echo 0 >
> /proc/sys/net/ipv4/tcp_timestamps and retry on the Win2k machine...
> straight through! I can enable/disable/enable ad infinitum and get it to
> happen every time
I would strongly suspect that one of your firewalls or something at your ISP
is not too happy about timestamp options..
Is any of these firewalls doing NAT or anything else fancy?
> tcp_ecn is off - and interestingly, I didn't disable it myself - but I
> thought that 7.2 out of the box was supposed to have it enabled by
> default??
7.2 appears defaults to have ECN off, at least in the installations I have
done.
> here is snippet from my original trace taken on the same segment as the
> squid box - however this is from Sniffer 2.1.. I will get a couple of
> Ethereal or tcpdump snaps with and without the tcp_timestamps and post them
> here later today... I suppose another logical check would be to get a
> trace on the dirty side of the firewall as well
Please don't post packet dumps unless asked for..
Regards
Henrik
Received on Wed May 22 2002 - 08:56:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:11 MST