Linksys RV016 Router / Firewall / VPN + Linux

November 16, 2006

At work, we installed a Linksys RV016 Router + VPN solution. After one of our sys admins setup and turned on the firewall rules, I lost the ability to browse certain sites including slashdot.org, news.yahoo.com, and many others. But, many sites were fine.

I spent some time trying to figure out what the problem was, and realized that with the firewall disabled, everything was ok, but when it was on, I had troubles. Some web pages or images would load part way.

Other things I noticed included:

  • WinXP and MacOSX boxes didn't have this problem. Only the two Fedora boxes did.
  • It wasn't Linux specific - CentOS 4.x and Ubuntu Live didn't have the same problem.
  • Fedora Core 4 (fc4), Fedora Core 5 (fc5), and Fedora Core 6 (fc6) all exposed this problem.
  • Hand built kernels at or below 2.6.12 didn't show this problem, somewhere above 2.6.17, they did.

So, I had tracked it down to a kernel related change somewhere between 2.6.13 through 2.6.17.

I was able to route around the issue by using another point of entry, but that was a temporary fix. Eventually, I sought help on the Fedora mailing list and was pointed to a discussion on lkml (linux kernel mailing list). This led to a fix.

The discussion starts around here on lkml. The most important bit is here.

The workaround was to turn off tcp_window_scaling. To test this, do this:

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
and to make it permanent add this line to /etc/sysctl.conf:
net.ipv4.tcp_window_scaling = 0

--
Drew

tags:centos, fedora, kernel, linux, osx, software, windows

permalink | 3 comments

Comments

posted by Dougie Richardson on Sep 27, 2007

Great information, solved a problem!

posted by aluminium composite panels on Apr 25, 2011

Thanks for another awesome post. I am quite sure this article has helped me save many hours of reading other similar posts just to find what I was looking for. Keep up the good work: Thank you!

posted by Cameron Bodin on Jul 05, 2011

My brother suggested I may like this web-site. He was entirely proper. This post really made my day. It is possible to not envision just how much time I had spent for this details! Thanks!
 

Comments are currently closed.

Valid XHTML 1.0! Valid CSS!