[Bug 443] 2.6 kernel failing in NAT with significant outbound traffic

bugzilla-daemon at bugzilla.netfilter.org
Tue Apr 11 22:31:34 CEST 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443





------- Additional Comments From nothingel at hotmail.com  2006-04-11 22:31 MET -------
I did an "echo 0 > /proc/sys/net/ipv4/tcp_sack" on the client machine and the
problem disappeared even with ip_conntrack_tcp_be_liberal set to "0".

So, I believe the theory has been proven.

Unfortunately, I cannot disable SACK on all client machines because some are
Windows-based (or can this be done on Windows too?).

Can this condition be detected and automatically compensated for?  I'm concerned
about others that might encounter this situation and "give up" and say "linux is
broken".  I only found ip_conntrack_tcp_be_liberal by going through the
changelogs one-by-one until I found something that might explain why recent
kernels were "broken" whereas older kernels "worked."

For now, I will rely on ip_conntrack_tcp_be_liberal.  I do NOT doubt that my
site is fundamentally flawed but I am not in a position to do anything about it.
