Prev: samba drive not accessible unless iptables is stopped
Next: iptables / Samba / internet connectivity
From: Thorsten Kohlhepp on 25 Jan 2008 11:34
Hi guys,
I have a strange behavior on a Centos 5 machine. Whenever I connect from
the internet to that machine using ssh I get a tcp window size of 1. But
when I connect from the local network it is fine (it's around 30).
The machine is behind a firewall using NAT to forward any traffic from www
to the same network card on which the local network resides.
Any kernel parameter is the default which comes with Centos 5.

net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.core.rmem_default = 110592
net.core.wmem_default = 110592
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1

Do you have any clue why this happens?
Thanks for your attention.
Ciao
Thorsten
From: David Schwartz on 26 Jan 2008 15:19
On Jan 25, 8:34 am, Thorsten Kohlhepp <i...(a)thorko.de> wrote:

> I have a strange behavior on a Centos 5 machine. Whenever I connect from
> the internet to that machine using ssh I get a tcp window size of 1. But
> when I connect from the local network it is fine (it's around 30).
> The machine is behind a firewall using NAT to forward any traffic from www
> to the same network card on which the local network resides.
> Any kernel parameter is the default which comes with Centos 5.

Sounds like the firewall/NAT device is broken and doesn't understand
TCP window scaling. Turning off TCP window scaling on the Centos
machine may workaround the problem.

DS
From: Thorsten Kohlhepp on 27 Jan 2008 07:49
David Schwartz wrote:
> On Jan 25, 8:34 am, Thorsten Kohlhepp <i...(a)thorko.de> wrote:
>
>> I have a strange behavior on a Centos 5 machine. Whenever I connect from
>> the internet to that machine using ssh I get a tcp window size of 1. But
>> when I connect from the local network it is fine (it's around 30).
>> The machine is behind a firewall using NAT to forward any traffic from www
>> to the same network card on which the local network resides.
>> Any kernel parameter is the default which comes with Centos 5.
>
> Sounds like the firewall/NAT device is broken and doesn't understand
> TCP window scaling. Turning off TCP window scaling on the Centos
> machine may workaround the problem.
>
> DS
There are several other Centos machines behind the same firewall and on
those it is working. I checked if a firewall is running on the machine
which has that issue and no there is no firewall running.
If I turn off window scaling I get a window size of 2 and the internet
connections stop working. It is really weird, I guess it is a kernel
problem. The machine is running on 2.6.9-42.0.8.ELsmp. Does anyone have
the same experience?
Ciao
thorko
From: Rick Jones on 28 Jan 2008 13:46
What is the value of the window scale in the TCP SYNchronize segments?

rick jones
--
firebug n, the idiot who tosses a lit cigarette out his car window
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
From: Thorsten Kohlhepp on 29 Jan 2008 05:30
Rick Jones wrote:
> What is the value of the window scale in the TCP SYNchronize segments?
>
> rick jones
From the Centos Machine to the internet wscale of 9 and vice versa 2.
Is there anything wrong about it? Because on other machines I always get
2. If it is wrong how can I change it?
Thanks
thorko
 |  Next  |  Last
Pages: 1 2 3
Prev: samba drive not accessible unless iptables is stopped
Next: iptables / Samba / internet connectivity