Kernel 2.6, Fedora, and ECN - or "Why do I get connection refused / timed out on website so-and-so?"
People too slack to run a decent firewall (like whoever carries the traffic between me and www.news.com.au) won't be getting too many hits from Fedora users who have updated to kernel 2.6, unless said users bother to find out this little nugget: 2.6 kernels in Fedora ship with ECN enabled.
Huh? What's ECN? It's Explicit Congestion Notification, nicely overviewed here by Peter Samuelson, and it helps hosts negotiate more efficiently just how many bits they can ram down each other's throats without going backwards. The problem is that some crappy firewalls and routers (i.e., outdated and bad, or just bad) will drop packets that have ECN enabled on them. They shouldn't, but they do. There are two ways to get around this:
- Contact the owner of the router/host in question, and get them to update/repair their system so it passes ECN traffic.
- Disable ECN on your host so that you can get through.
I'm lazy, so I'll do the second. For the activists, do both; for the zealots, do only the first and keep harassing them until it works :-)
Fix right now:
~# echo 0 > /proc/sys/net/ipv4/tcp_ecn
Stay fixed on next reboot - add this line to /etc/sysctl.conf:
# Disable ecn, cause plenty of fools still drop these packets.
net.ipv4.tcp_ecn = 0
So now you should be able to get to that website, and put some colorful advice in their feedback form :-)
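To tell from a packet capture whether ECN is what's biting you, here is an added example (not part of the original post) that goes a step beyond it and looks at the wire-level bits from RFC 3168: with tcp_ecn on, the outgoing SYN carries the ECE and CWR flags, and that is the packet the broken boxes drop or reset. The header builder and the sample "captures" are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793 / RFC 3168).
FIN, SYN, RST, ACK, ECE, CWR = 0x01, 0x02, 0x04, 0x10, 0x40, 0x80

def tcp_header(sport, dport, flags, seq=1000):
    """Build a minimal 20-byte TCP header (constructed sample data, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)

def classify(segment):
    """Name the handshake role of one TCP segment, ECN-aware."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    flags = segment[13]
    if flags & RST:
        return "rst"
    if flags & SYN and not flags & ACK:
        # With tcp_ecn on, the client sets ECE+CWR on its SYN (an "ECN-setup SYN").
        return "ecn-syn" if flags & ECE and flags & CWR else "plain-syn"
    if flags & SYN and flags & ACK:
        # A server that agrees to ECN answers with ECE set and CWR clear.
        return "ecn-synack" if flags & ECE and not flags & CWR else "plain-synack"
    return "other"

def diagnose(segments):
    """Summarise one captured connection attempt from the client's side."""
    kinds = [classify(s) for s in segments]
    if "ecn-synack" in kinds:
        return "ECN negotiated"
    if "plain-synack" in kinds:
        return "connected without ECN"
    if "ecn-syn" in kinds and "rst" in kinds:
        return "ECN SYN reset: connection refused"
    if "ecn-syn" in kinds:
        return "ECN SYN unanswered: timed out"
    return "no ECN involved"

if __name__ == "__main__":
    # Constructed captures: three retransmitted ECN SYNs with no reply,
    # then the same attempt after `echo 0 > /proc/sys/net/ipv4/tcp_ecn`.
    blocked = [tcp_header(40000, 80, SYN | ECE | CWR)] * 3
    fixed = [tcp_header(40000, 80, SYN), tcp_header(80, 40000, SYN | ACK)]
    print(diagnose(blocked))
    print(diagnose(fixed))
```

If the capture shows only retransmitted SYNs with both bits set and nothing coming back, and a plain SYN to the same host gets through, ECN is your culprit.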