Kernel network issue with Juniper JUNOS stateful firewall
Pekka Savola
pekkas at netcore.fi
Thu Aug 24 19:16:45 UTC 2006
On Wed, 23 Aug 2006, Nicholas Miell wrote:
>> Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going
>> to open a case), but what could have changed between Linux kernels
>> 2.6.15 and 2.6.17 that would trigger it? I'm hoping to narrow this down
>> somehow to help Juniper find the problem.
>
> IIRC, 2.6.17 had some changes to TCP window scaling which breaks on some
> stupid NAT/firewall/load balancing appliances. (And some versions of BSD
> pf, apparently.)

FWIW, we experienced breakage with Cisco's IOS Firewall (FTP IP
Inspect) in particular. Reducing the window size helped. The issue
is being investigated.

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-devel-list mailing list