Kernel network issue with Juniper JUNOS stateful firewall

Jay Cliburn jacliburn at bellsouth.net
Thu Aug 24 02:12:00 UTC 2006


Chris Adams wrote:
> Okay, I've got an odd one, and I'm hoping a kernel developer can at
> least point me in the right direction.
> 
> I've got a Linux box (Fedora Core 5 and kernel 2.6.17-1.2174_FC5),
> sitting behind a Juniper J2300 router (running JUNOS 7.3R2.6),
> attempting to FTP to an Alphaserver running Tru64 (5.1B or 4.0G).
> 
> With that combination and a stateful firewall enabled on the Juniper, I
> do not get the FTP banner when I open an FTP connection.  The connection
> just sits there.  This is not one of the traditional FTP problems (active vs.
> passive, reverse DNS lookup, authentication, etc.).
> 
> If I downgrade my Linux box to the FC5 release kernel
> (2.6.15-1.2054_FC5), it works fine.  If I upgrade to the rawhide kernel
> (2.6.17-1.2583.fc6), it does not work.
> 
> Any other combination of OSes works (FTP from WinXP to Tru64, FTP from
> Linux to Linux or Windows).  An FC4 client with a (IIRC) 2.6.16 kernel
> also works to Tru64.
> 
> Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going
> to open a case), but what could have changed between Linux kernels
> 2.6.15 and 2.6.17 that would trigger it?  I'm hoping to narrow this down
> somehow to help Juniper find the problem.
> 

TCP window scaling?

Try sysctl -w net.ipv4.tcp_window_scaling=0 and see if things start working.
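
What that sysctl changes on the wire, as an added example that is not part of the original thread: with window scaling enabled the client's SYN carries TCP option kind 3 (Window Scale), and a device tracking the connection has to apply that shift to every later window field. The SYN bytes are constructed sample data, and `build_syn`, `tcp_options`, `window_scale` and `effective_window` are hypothetical names.

```python
import struct

WSCALE = 3  # TCP option kind 3 = Window Scale (RFC 7323)

def build_syn(shift=None) -> bytes:
    """Constructed sample SYN to port 21; shift=None models tcp_window_scaling=0."""
    opts = bytes([2, 4]) + struct.pack("!H", 1460)          # MSS
    opts += bytes([4, 2])                                   # SACK permitted
    opts += bytes([8, 10]) + struct.pack("!II", 12345, 0)   # timestamps
    opts += bytes([1, WSCALE, 3, shift]) if shift is not None else bytes([1] * 4)
    offset = (20 + len(opts)) // 4                          # header length, 32-bit words
    return struct.pack("!HHIIBBHHH", 40000, 21, 0x01020304, 0,
                       offset << 4, 0x02, 5840, 0, 0) + opts

def tcp_options(segment: bytes) -> dict:
    """Return {kind: value_bytes} for the options of one raw TCP header."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i, raw = {}, 0, segment[20:header_len]
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                       # End of Option List
            break
        if kind == 1:                                       # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed option")
        opts[kind] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return opts

def window_scale(syn: bytes):
    """Shift count offered in a SYN, or None when the option is absent."""
    if len(syn) < 20 or not syn[13] & 0x02:
        raise ValueError("window scale is only negotiated on SYN segments")
    value = tcp_options(syn).get(WSCALE)
    if value is None:
        return None
    if len(value) != 1:
        raise ValueError("window scale option must carry one byte")
    return min(value[0], 14)                                # shifts above 14 count as 14

def effective_window(raw_window: int, shift) -> int:
    """Window a peer means by a post-handshake window field of raw_window."""
    return raw_window << (shift or 0)
```

A window field of 46 means 5888 bytes under a negotiated shift of 7, but only 46 bytes to a device that ignores the option.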
