I have found this exact same problem at several of my customer sites running
3.2.7 and 3.3.x.  We were aware we had some issues missing email, etc. from
some places but it appeared random.  Now that we are looking (thanks Jason)
we see that the issue is related to this bug.  This seems to be more of a
serious bug fix than a feature improvement.  Why hasn't this been patched on
earlier versions?

Chris Green


-----Original Message-----
From: Jonathan [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 05, 2004 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [gb-users] Rejecting unexpected packet - SOLVED

So, if this is actually the case, when should we expect to get our free
upgrade?


At 04:21 PM 3/5/2004, you wrote:

>Paul Emerson wrote:
>>The log message indicates that the packet is a TCP Reset (flag=0x4) packet.
>>This message just indicates that a Reset packet was not expected, (as Reset
>>packets are generally used to terminate/reset a session).  Could also be a
>>case of someone forging a packet and sending the reset to screw things up or
>>attempt to hijack a session, (possible but maybe unlikely).  Since you'd send
>>a Reset to one side while you jump in the middle and start talking to the
>>other.
>
>The issue was indeed with GNAT Box. The version I was using has a problem 
>talking to other hosts that make use of Explicit Congestion Notification 
>(ECN). Here is a snippet I found using google.com:
>
>---Snippet---
>CONFIG_INET_ECN:
>
>Explicit Congestion Notification (ECN) allows routers to notify
>clients about network congestion, resulting in fewer dropped packets
>and increased network performance. This option adds ECN support to the
>Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which
>allows ECN support to be disabled at runtime.
>
>Note that, on the Internet, there are many broken firewalls which
>refuse connections from ECN-enabled machines, and it may be a while
>before these firewalls are fixed. Until then, to access a site behind
>such a firewall (some of which are major sites, at the time of this
>writing) you will have to disable this option, either by saying N now
>or by using the sysctl.
>---Snippet---
>
>I figured this out with the help of the friend who originally notified me 
>of the problem. He is running Debian Linux mail servers with ECN built 
>into the kernel.
>
>I've updated the GB-1000 to v3.4.2 and the problem has disappeared. As a 
>warning to other people running older versions of GNAT Box (mine was 
>3.3.4s), you may want to search your firewall filter logs for 'Rejecting 
>unexpected packet' and make sure that you aren't rejecting legitimate 
>connections due to a bug in GNAT Box.
>
>///Jason
>
>------------------------------------------------------
>To unsubscribe:           [EMAIL PROTECTED]
>For additional commands:         [EMAIL PROTECTED]
>Archive:  http://archives.gnatbox.com/gb-users/

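The log search suggested in the thread above, as an added example that is not part of the original messages or of GNAT Box itself: it groups 'Rejecting unexpected packet' entries by source host and decodes the TCP flag byte, marking hosts whose rejected packets carry the ECN bits (ECE/CWR). The log line layout and the sample lines are assumptions constructed for illustration; only the message text and the `flag=0x..` field come from the thread.

```python
import re
from collections import defaultdict

# TCP flag bits (RFC 793, plus ECE/CWR from RFC 3168).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
ECN_BITS = 0x40 | 0x80

# Assumed layout: "... Rejecting unexpected packet: TCP src:port -> dst:port flag=0xNN"
LINE_RE = re.compile(
    r"Rejecting unexpected packet.*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s*->\s*(?P<dst>\d+\.\d+\.\d+\.\d+):\d+"
    r".*?flag=0x(?P<flag>[0-9a-fA-F]+)")

def decode_flags(value):
    """Return the names of the TCP flag bits set in value."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def summarize(lines):
    """Group rejected packets by source host; record flag sets and ECN use."""
    hosts = defaultdict(lambda: {"count": 0, "flags": set(), "ecn": False})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other filter messages, or a layout this regex does not know
        value = int(m.group("flag"), 16)
        entry = hosts[m.group("src")]
        entry["count"] += 1
        entry["flags"].add("+".join(decode_flags(value)) or "none")
        entry["ecn"] |= bool(value & ECN_BITS)
    return dict(hosts)

# Constructed sample lines using documentation addresses, not real firewall output.
SAMPLE = [
    "Mar  5 16:02:11 FILTER: Rejecting unexpected packet: TCP 192.0.2.25:25 -> 198.51.100.7:40112 flag=0x4",
    "Mar  5 16:02:14 FILTER: Rejecting unexpected packet: TCP 192.0.2.25:25 -> 198.51.100.7:40113 flag=0x4",
    "Mar  5 16:03:40 FILTER: Rejecting unexpected packet: TCP 203.0.113.9:25 -> 198.51.100.7:40200 flag=0x52",
    "Mar  5 16:04:02 FILTER: Accepted: TCP 198.51.100.7:40300 -> 192.0.2.80:80 flag=0x2",
]

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE).items()):
        note = "ECN bits set" if info["ecn"] else "no ECN bits"
        print(f"{host}: {info['count']} rejected, flags {sorted(info['flags'])}, {note}")
```

Hosts that show up repeatedly here and are known-good peers (mail servers, for instance) are the ones to check against the ECN problem described in the thread.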