[Bug 443] 2.6 kernel failing in NAT with significant outbound
traffic
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Wed Apr 12 11:12:14 CEST 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443
------- Additional Comments From kadlec at netfilter.org 2006-04-12 11:12 MET -------
To be precise, your site is not flawed but the device somewhere in the uplink.
We cannot compensate the bug in conntrack besides the already existing
'ip_conntrack_tcp_be_liberal' flag.
But it'd be not hard to write a new TCPOPTSTRIP target which could be used in
the mangle table to remove the SACK-permitted option from your outgoing TCP SYN
packets. Thus there were no need to disable SACK in all of your machines,
one-by-one.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the netfilter-buglog
mailing list