Re: Kernel network issue with Juniper JUNOS stateful firewall

Chris Adams wrote:
Okay, I've got an odd one, and I'm hoping a kernel developer can at
least point me in the right direction.

I've got a Linux box (Fedora Core 5 and kernel 2.6.17-1.2174_FC5),
sitting behind a Juniper J2300 router (running JUNOS 7.3R2.6),
attempting to FTP to an Alphaserver running Tru64 (5.1B or 4.0G).

With that combination and a stateful firewall enabled on the Juniper, I
do not get the FTP banner when I open an FTP connection.  The connection
just sits there.  This is not one of the traditional FTP problems (active vs.
passive, reverse DNS lookup, authentication, etc.).

If I downgrade my Linux box to the FC5 release kernel
(2.6.15-1.2054_FC5), it works fine.  If I upgrade to the rawhide kernel
(2.6.17-1.2583.fc6), it does not work.

Any other combination of OSes works (FTP from WinXP to Tru64, FTP from
Linux to Linux or Windows).  An FC4 client with a (IIRC) 2.6.16 kernel
also works to Tru64.

Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going
to open a case), but what could have changed between Linux kernels
2.6.15 and 2.6.17 that would trigger it?  I'm hoping to narrow this down
somehow to help Juniper find the problem.

TCP window scaling?

Try sysctl -w net.ipv4.tcp_window_scaling=0 and see if things start working.
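
To check the window-scaling theory from packet captures, the following added example (not part of the original thread) decodes the TCP options of a raw SYN header so the SYNs sent by the working and non-working kernels can be compared. The sample headers, port numbers and the shift value 7 are constructed for illustration.

```python
import struct

KINDS = {2: "mss", 3: "wscale", 4: "sack_permitted", 8: "timestamps"}

def parse_tcp_options(tcp: bytes) -> dict:
    """Decode the options of one raw TCP header (IP header already stripped)."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    end = (tcp[12] >> 4) * 4              # data offset, in bytes
    if end < 20 or end > len(tcp):
        raise ValueError("bad data offset")
    opts, i = {}, 20
    while i < end:
        kind = tcp[i]
        if kind == 0:                     # End of Option List
            break
        if kind == 1:                     # NOP padding
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            raise ValueError("malformed option at offset %d" % i)
        length, body = tcp[i + 1], tcp[i + 2:i + tcp[i + 1]]
        name = KINDS.get(kind, "kind_%d" % kind)
        if kind == 2 and length == 4:
            opts[name] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            opts[name] = body[0]          # shift count the sender will use
        elif kind == 8 and length == 10:
            opts[name] = struct.unpack("!II", body)
        else:
            opts[name] = True if kind == 4 else body
        i += length
    return opts

def advertised_window(tcp: bytes, shift: int = 0) -> int:
    """Raw 16-bit window field shifted left by the negotiated scale."""
    return struct.unpack("!H", tcp[14:16])[0] << shift

def build_syn(options: bytes) -> bytes:
    """Constructed sample SYN to port 21; all field values are illustrative."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 21, 1, 0, offset << 4, 0x02,
                       5840, 0, 0) + options

BASE = (bytes([2, 4]) + struct.pack("!H", 1460) + bytes([4, 2, 8, 10])
        + struct.pack("!II", 12345, 0))
SYN_SCALED = build_syn(BASE + bytes([1, 3, 3, 7]))  # constructed: wscale 7
SYN_PLAIN = build_syn(BASE)         # constructed: no wscale option present
```

With net.ipv4.tcp_window_scaling=0 the client's SYN carries no window scale option, so a capture taken after the sysctl change should decode like SYN_PLAIN.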

