Problem accessing some https sites

Jacques B. jjrboucher at gmail.com
Thu Feb 1 22:48:30 UTC 2007


> Hi, Jacques and others,
>         I am having a similar problem, but the window scaling didn't fix the
> issue.  As I read the information in the link, I saw that they had ECN
> disabled.  However, I didn't see how or where to do that.  Can someone
> please tell me where that control exists?
>
> Regards,
> Les H
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
The best I can offer is this that I found online @ http://www.tux.org/lkml/

# Why does the 2.4 kernel report Connection refused when connecting to
sites which work fine with earlier kernels?

    * (DW) The 2.4 kernel is designed to make your Internet Experience
more pleasurable. One of the ways in which it does so is by
implementing Explicit Congestion Notification - a new method defined
in RFC 3168 for improving TCP performance in the presence of
congestion by allowing routers to provide an early warning of traffic
flow problems.
      Unfortunately, there are bugs in some firewall products which
cause them to reject incoming packets with ECN enabled. If your own
firewall is broken in this respect, you should check with your vendor
for a fix.
      If the site to which you cannot connect is not under your
control, then after you have contacted the administrator of the
offending site to let them know about their problem, you can disable
ECN in the 2.4 kernel either by disabling the CONFIG_INET_ECN option
and recompiling the kernel, or by executing the following command as
root:
      # echo 0 > /proc/sys/net/ipv4/tcp_ecn

Looks like they are creating a file with a 0 value.  But strange that
it would be a /proc file seeing that is gone on shutdown.

Jacques B.




More information about the fedora-list mailing list