A couple of weeks ago I sent a note to this list saying I couldn't get to the proxy server from Konquerer running on SuSE SLES7. An enterprising user of mine has found the solution, and I'm posting it here for others who might have a similar problem. The 2.4 kernel apparently uses a new feature of TCP called ECN which is causing problems with proxy servers.
> I placed the command > > echo "0" > /proc/sys/net/ipv4/tcp_ecn > > into /etc/init.d/boot.local and it has solved the problem. > Details about the problem are below. "You do not need a parachute to skydive. You only need a parachute to skydive twice." -Motto of the Darwin Society Gordon W. Wolfe, Ph.D. (425) 865-5940 VM Technical Services, The Boeing Company > ---------- > From: Darbro, Brandon S > Sent: Tuesday, March 26, 2002 12:39 PM > To: Wolfe, Gordon W > Cc: Delaune, David B > Subject: RE: lnx20002 can't use web proxies > > You know what, a situation came up on a desktop linux box today that > duplicated this problem. When upgrading their kernel to 2.4.18, they too > lost access to the proxies. I'm glad they called me to investigate. > > It dawned on me as soon as they told me what they were seeing. tcp ecn > ability. New in the 2.4 kernel series, and only enabled by default in > very few distributions or with standard kernels 2.4.18 or later (this is > the latest kernel right now). > > In /proc/sys/net/ipv4/tcp_ecn, is the value of this new tcp protocal > enchancement. 0 is off, 1 is on. Well low and behold, both his desktop > and lnx20002 were set to 1. > > What does having this enabled do? It inables a new tcp ip v4 enhancement > called ECN, its a form of quality of service enhancement. It uses a > couple of the reserved bites in the tcp header for doing its work, which > has been known to break routing through many older cisco routers... but > more noticibly, it breaks connections with firewalls and perimeter > systems... they interpret the usage of those reserved bytes in the header > as a hacked packet and drops them. > > I remember reading about this several months ago, it just now dawned on me > that was what was occurring. > > So, the fix? > > To the system init script (usually /etc/rc.d/rcsysinit or something > similar), add: > echo "0" > /proc/sys/net/ipv4/tcp_ecn > > And that solves it. Now the system can reach the proxy servers. :) YAY! > Close the ticket. > > *Brandon > > >
