No TCP connections without proxy [SOLVED]
Posted: Thu Sep 08, 2005 8:29 pm

EDIT: I'm a moron. TCP_ECN was enabled. Just editing for any similar morons out there....

This is driving me crazy.

I've installed Gentoo on two Ultra 5's (I know, I know...). Identical installations. Both can get ICMP to any host on the Internet, but cannot get UDP or TCP through their default gateway (the gateway works; there are 4 functioning class C's behind it and no special rules for the two boxes' IP addresses). They can do TCP connections on their local subnet, and they can do TCP through a proxy that is on the local subnet out to the world. But, they can't get TCP out directly.

Also, both can *respond* to TCP connections from outside of their network (e.g., I can ssh to both of them from home), but I couldn't ssh from one of them back to my house.

For the config-minded (essentially identical on both boxes -- all shell-style variables are the correct values):
interface status on boot:

node2 ~ # ifconfig eth0
eth0     Link encap:Ethernet  HWaddr $MAC_ADDRESS
            inet addr:$IP_ADDRESS Bcast: $BROADCAST Mask:
            RX packets: 2716 errors: 0 dropped:0 overruns:0 frame:0
            TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
            Collisions:0 txqueuelen:1000
            RX bytes: 189918 (185.4 Kb) TX bytes:2364 (2.3 Kb)
            Interrupt:224 Base address:0x2000

routing tables:

node2~# route -n
Kernel IP routing table
Destination    Gateway      Genmask        Flags   Metric   Ref   Use  Iface
$SUBNET        *                           U       0        0     0    eth0
                                           UG      0        0     0    lo
               $GATEWAY                    UG      0        0     0    eth0

config file

node2~# cat /etc/conf.d/net
config_eth0=( "$IPADDRESS broadcast $BROADCAST netmask" )
route_eth0=( "default gw $GATEWAY" )

I'm at a loss here. Why would the box make local TCP connections but refuse to send them through a router? I remember from way back in the day that Happy Meal cards don't like talking on Layer 2 with the interfaces of some routers; could this be it?

Any ideas would be great...
