From b079a1cefd3e0b2ec20ecb96861d4ebdb8ac8671 Mon Sep 17 00:00:00 2001 From: mhnoyes Date: Sat, 13 Dec 2003 21:35:09 +0000 Subject: [PATCH] DocBook XML conversion git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@844 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/ECN.xml | 81 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 Shorewall-docs/ECN.xml diff --git a/Shorewall-docs/ECN.xml b/Shorewall-docs/ECN.xml new file mode 100644 index 000000000..870ac5f55 --- /dev/null +++ b/Shorewall-docs/ECN.xml @@ -0,0 +1,81 @@ + + +
+ + ECN + + + + Tom + + Eastep + + + + + 2001 + + 2002 + + 2003 + + Thomas M. Eastep + + + 2003-03-28 + + +
+ Explicit Congestion Notification (ECN) + + Explicit Congestion Notification (ECN) is described in RFC 3168 and + is a proposed internet standard. Unfortunately, not all sites support ECN + and when a TCP connection offering ECN is sent to sites that don't + support it, the result is often that the connection request is ignored. + + To allow ECN to be used, Shorewall allows you to enable ECN on your + Linux systems then disable it in your firewall when the destination + matches a list that you create (the /etc/shorewall/ecn file). + + You enable ECN by + + echo 1 > /proc/sys/net/ipv4/tcp_ecn + + You must arrange for that command to be executed at system boot. + Most distributions have a method for doing that -- on RedHat, you make an + entry in /etc/sysctl.conf. + + net.ipv4.tcp_ecn = 1 + + Entries in /etc/shorewall/ecn have two columns as follows: + + + + INTERFACE + + + The name of an interface on your system + + + + + HOST(S) + + + An address (host or subnet) of a system or group of systems + accessed through the interface in the first column. You may include + a comma-separated list of such addresses in this column. + + + + + + Your external interface is eth0 and you want to disable ECN for + tcp connections to 192.0.2.0/24: + + /etc/shorewall/ecnINTERFACEHOST(S)eth0192.0.2.0/24
 + +
+
\ No newline at end of file