[Bug 443] 2.6 kernel failing in NAT with significant outbound traffic
bugzilla-daemon at bugzilla.netfilter.org
Mon Apr 10 16:09:56 CEST 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443
------- Additional Comments From kadlec at netfilter.org 2006-04-10 16:09 MET -------
Please check that the assumption is correct by executing

    ## on your firewall machine
    echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
    ## on your client machine
    echo 0 > /proc/sys/net/ipv4/tcp_sack

and then try to trigger the problem. If it still persists,
then my assumption is false.

If it's true, then you have got two possibilities:

- disable TCP window tracking in conntrack in the firewall:
    echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
- or disable SACK support on all of your machines behind the firewall:
    echo 0 > /proc/sys/net/ipv4/tcp_sack

The first one is easier but the second one is a more correct solution:
as you cannot use SACK, do not advertise it.