Linksys RV016 Router / Firewall / VPN + Linux

November 16, 2006

At work, we installed a Linksys RV016 Router + VPN solution. After one of our sys admins setup and turned on the firewall rules, I lost the ability to browse certain sites including slashdot.org, news.yahoo.com, and many others. But, many sites were fine.

I spent some time trying to figure out what the problem was, and realized that with the firewall disabled, everything was ok, but when it was on, I had troubles. Some web pages or images would load part way.

Other things I noticed included:

• WinXP and MacOSX boxes didn't have this problem. Only the two Fedora boxes did.
• It wasn't Linux specific - CentOS 4.x and Ubuntu Live didn't have the same problem.
• Fedora Core 4 (fc4), Fedora Core 5 (fc5), and Fedora Core 6 (fc6) all exposed this problem.
• Hand built kernels at or below 2.6.12 didn't show this problem, somewhere above 2.6.17, they did.

So, I had tracked it down to a kernel related change somewhere between 2.6.13 through 2.6.17.

I was able to route around the issue by using another point of entry, but that was a temporary fix. Eventually, I sought help on the Fedora mailing list and was pointed to a discussion on lkml (linux kernel mailing list). This led to a fix.

The discussion starts around here on lkml. The most important bit is here.

The workaround was to turn off tcp_window_scaling. To test this, do this:

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

net.ipv4.tcp_window_scaling = 0

--
Drew

tags:centos, fedora, kernel, linux, osx, software, windows

permalink | 3 comments