iptables ECN target is a black hole
Adding the following lines to /etc/sysconfig/iptables, then doing service iptables reload, causes all outgoing TCP connections to just hang there:
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -j ECN --ecn-tcp-remove
This is a router/nat box for our local network. Local machines are a mix of Windows (no ECN) and Linux (ECN enabled).
It's otherwise a pretty standard setup. I could never get ECN removal to work for the few broken sites that require it (Southwest Airlines in my case). As soon as you try it, even per-site, no connections ever succeed.
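For comparison against a packet capture taken on the router's external interface, the following added example (not part of the original post) models the header change that `--ecn-tcp-remove` is documented to make: the ECE and CWR flag bits are cleared and the TCP checksum is adjusted to match. Addresses, ports and sequence numbers are constructed sample values.

```python
import struct

CWR, ECE, SYN = 0x80, 0x40, 0x02      # TCP flag bits; CWR/ECE are the ECN bits (RFC 3168)
SRC = bytes([192, 0, 2, 10])          # constructed sample addresses (documentation ranges)
DST = bytes([198, 51, 100, 20])

def fold(total: int) -> int:
    """Fold carries back in, as one's-complement addition requires."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def pseudo(src: bytes, dst: bytes, seg_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6)."""
    return src + dst + struct.pack("!BBH", 0, 6, seg_len)

def build_syn(src, dst, sport, dport, flags) -> bytes:
    """Minimal 20-byte TCP header with a valid checksum (constructed input)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return hdr[:16] + struct.pack("!H", csum(pseudo(src, dst, 20) + hdr)) + hdr[18:]

def is_ecn_setup_syn(seg: bytes) -> bool:
    """True for a SYN that requests ECN (ECE and CWR both set)."""
    return seg[13] & (SYN | ECE | CWR) == (SYN | ECE | CWR)

def strip_ecn(seg: bytes) -> bytes:
    """Clear ECE/CWR and update the checksum incrementally (RFC 1624, eqn. 3)."""
    old_word, = struct.unpack("!H", seg[12:14])   # data offset + flags
    new_word = old_word & ~(CWR | ECE) & 0xFFFF
    old_c, = struct.unpack("!H", seg[16:18])
    new_c = ~fold((~old_c & 0xFFFF) + (~old_word & 0xFFFF) + new_word) & 0xFFFF
    return (seg[:12] + struct.pack("!H", new_word) + seg[14:16]
            + struct.pack("!H", new_c) + seg[18:])

def checksum_ok(src, dst, seg) -> bool:
    """A segment verifies when the checksum over pseudo-header + segment is 0."""
    return csum(pseudo(src, dst, len(seg)) + seg) == 0

if __name__ == "__main__":
    before = build_syn(SRC, DST, 40000, 443, SYN | ECE | CWR)
    after = strip_ecn(before)
    print("flags before: 0x%02x  after: 0x%02x  checksum valid: %s"
          % (before[13], after[13], checksum_ok(SRC, DST, after)))
```

A SYN from an ECN-enabled host that still shows flags 0xc2 after the router, or one whose checksum no longer verifies, does not match this model.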