Posted: Thu Sep 08, 2005 8:29 pm Post subject: No TCP connections without proxy [SOLVED]
EDIT: I'm a moron. TCP_ECN was enabled. Just editing for any similar morons out there....
This is driving me crazy.
I've installed Gentoo on two Ultra 5's (I know, I know...). Identical installations. Both can get ICMP to any host on the Internet, but cannot get UDP or TCP through their default gateway (the gateway works; there are 4 functioning class C's behind it and no special rules for the two boxes' IP addresses). They can do TCP connections on their local subnet, and they can do TCP through a proxy that is on the local subnet out to the world. But, they can't get TCP out directly.
Also, both can *respond* to TCP connections from outside of their network (e.g., I can ssh to both of them from home), but I couldn't ssh from one of them back to my house.
For the config-minded (essentially identical on both boxes -- all shell-style variables are the correct values):
interface status on boot:
node2 ~ # ifconfig eth0
eth0 Link encap:Ethernet HWaddr $MAC_ADDRESS
inet addr:$IP_ADDRESS Bcast: $BROADCAST Mask: 255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: 2716 errors: 0 dropped:0 overruns:0 frame:0
TX packets:34 erros:0 dropped:0 overruns:0 carrier:0
RX bytes: 189918 (185.4 Kb) TX bytes:2364 (2.3 Kb)
Interrupt:224 Base address:0x2000
node2~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
$SUBNET * 255.255.252.0 U 0 0 0 eth0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 $GATEWAY 0.0.0.0 UG 0 0 0 eth0
node2~# cat /etc/conf.d/net
config_eth0=( "$IPADDRESS broadcast $BROADCAST netmask 255.255.252.0" )
route_eth0=( "default gw $GATEWAY" )
I'm at a loss here. Why would the box make local TCP connections but refuse to send them through a router? I remember from way back in the day that Happy Meal cards don't like talking on Layer 2 with the interfaces of some routers; could this be it?
Any ideas would be great...
vi? *snicker* it doesn't even include a mail reader...
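
An added example, not part of the original post: with `net.ipv4.tcp_ecn` set to 1, Linux requests ECN on outgoing connections by setting the ECE and CWR flags in the SYN (RFC 3168), while a connection accepted from outside only uses ECN if the peer asked for it. The Python sketch below classifies TCP headers so that such SYNs can be recognised in a capture; the helper names and the sample headers are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793, ECE/CWR added by RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << bit for bit in range(8))


def syn_flags_for(tcp_ecn):
    """Flags Linux puts in an outgoing SYN for a given net.ipv4.tcp_ecn value.

    Only the value 1 requests ECN on outgoing connections; 0 never uses ECN
    and 2 only answers ECN requests from the peer.
    """
    return SYN | ECE | CWR if tcp_ecn == 1 else SYN


def build_tcp_header(sport, dport, seq, flags):
    """Constructed sample data: a 20-byte TCP header, no options, checksum 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)


def classify(header):
    """Label a TCP header by its handshake role and ECN negotiation bits."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    flags = header[13]
    if not flags & SYN or flags & (RST | FIN):
        return "not-handshake"
    ecn_bits = flags & (ECE | CWR)
    if flags & ACK:
        # RFC 3168: an ECN-setup SYN-ACK has ECE set and CWR clear.
        return "ecn-setup SYN-ACK" if ecn_bits == ECE else "plain SYN-ACK"
    # RFC 3168: an ECN-setup SYN has both ECE and CWR set.
    return "ecn-setup SYN" if ecn_bits == (ECE | CWR) else "plain SYN"


if __name__ == "__main__":
    for setting in (0, 1, 2):
        hdr = build_tcp_header(40000, 22, 1, syn_flags_for(setting))
        print(f"tcp_ecn={setting}: flags=0x{hdr[13]:02x} -> {classify(hdr)}")
```

On a live capture, the tcpdump filter `tcp[13] & 0xc2 = 0xc2` selects SYNs that carry both ECE and CWR.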