Re: Kernel network issue with Juniper JUNOS stateful firewall

On Wed, 23 Aug 2006, Nicholas Miell wrote:
>> Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going
>> to open a case), but what could have changed between Linux kernels
>> 2.6.15 and 2.6.17 that would trigger it?  I'm hoping to narrow this down
>> somehow to help Juniper find the problem.
>
> IIRC, 2.6.17 had some changes to TCP window scaling which breaks on some
> stupid NAT/firewall/load balancing appliances. (And some versions of BSD
> pf, apparently.)

FWIW, we experienced breakage with Cisco's IOS Firewall (FTP IP Inspect) in particular. Reducing the window size helped. The issue is being investigated.

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

