Re: Ipfilter keep state can't handle Linux TCP window scaling 7

This is a discussion on Re: Ipfilter keep state can't handle Linux TCP window scaling 7 within the IPFilter forums, part of the System Security and Security Related category; ming fu wrote: > Hi, > > I tried on FreeBSD 10 and FreeBSD 11 > > Linux 2.6....


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: Ipfilter keep state can't handle Linux TCP window scaling 7

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 12-10-2006
Darren Reed
 
Posts: n/a
Default Re: Ipfilter keep state can't handle Linux TCP window scaling 7
ming fu wrote:
> Hi,
>
> I tried on FreeBSD 10 and FreeBSD 11
>
> Linux 2.6.8 --> ipfilter/FreeBSD 4.10 -> FreeBSD 5.4
>
> ssh from Linux to FreeBSD 5.4 with rule on the ipfilter/FreeBSD 4.10
> box in the middle.
>
> pass in quick on lnc0 proto tcp from 10.1.0.0/16 to 172.31.0.0/16 port
> = 22 flags S keep-state
>
> The Linux box is on the 10.1.0.0 and FreeBSD 5.4 on the 172.31.0.0.
>
> Once the Linux sets the TCP window scale to 7 (TCP option 3), the ssh
> will stall and then reset under some load. The SSH login and a few
> "ls" command worked fine.

It sounds like IPFilter needs to be updated

You should be using at least 4.1.10

Darren

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 11:20 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0