Q: Connections to Linux Box ( No Answer,   2 Comments )
Question  
Subject: Connections to Linux Box
Category: Computers > Operating Systems
Asked by: johngl-ga
List Price: $15.00
Posted: 12 Apr 2004 15:48 PDT
Expires: 12 May 2004 15:48 PDT
Question ID: 329153
I have a Linux box that's having a problem with FTP and Telnet access
from outside our network.  When a user inside our local network FTPs
or Telnets to our Linux box, everything works fine.  When it's a user
from the outside there is a small problem.  Anytime a large chunk of
data is transferred (like an l command or a file transfer) the
connection locks up.  What causes this and how can I fix this?  Thank you.

Request for Question Clarification by maniac-ga on 12 Apr 2004 17:44 PDT
Hello Johngl,

Hmm. There were some changes in Linux networking done in the last
couple years that have broken some routers / firewalls. To quote
  http://www.kernel.org/

  "Please note that kernel.org uses Explicit Congestion Notification
(ECN), as defined in RFC 3168. Some broken firewalls or gateways may
have problem connecting to ECN-enabled servers.  Please contact your
firewall or gateway vendor for necessary updates. "

 I cannot determine if this is your problem without some further
information. Please describe:
 - the Linux distribution and/or kernel version you are using.
 - what the "out side user" is using to connect to your server
 - any firewall / router products you may have between the local
network and the outside.

Thanks.
  --Maniac

Clarification of Question by johngl-ga on 13 Apr 2004 13:39 PDT
Here is the version information:

Linux version 2.4.20-6 (bhcompile@porky.devel.redhat.com) (gcc version
3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 Thu Feb 27 10:06:59 EST
2003

People from the outside are just using normal telnet and ftp (command
line version) from either a Windows, Linux or SCO box.

The router that is being used is a Cayman Netopia 3500 Series Broadband Router.

Thanks for your time.  Have a great one.

Request for Question Clarification by maniac-ga on 13 Apr 2004 14:51 PDT
Hello Johngl,

OK. You have a pretty recent Red Hat distribution / kernel. That
certainly can do ECN.

As the "root" user, try the following
  cat /proc/sys/net/ipv4/tcp_ecn
the value displayed should be 1. You can disable it by using
  echo 0 > /proc/sys/net/ipv4/tcp_ecn
and have one of your users try a large file transfer. If that works -
let me know so I can prepare a proper answer (also indicating how to
make the change permanent).

If that does not fix the problem, there are some other settings that
may affect operation of TCP (the protocol used under telnet, ftp) that
I can suggest.

  --Maniac

Clarification of Question by johngl-ga on 13 Apr 2004 15:46 PDT
This was already set to 0.  Should I set it to 1?
Answer  
There is no answer at this time.

Comments  
Subject: Re: Connections to Linux Box
From: robsynnott-ga on 15 Apr 2004 03:45 PDT
 
Just as a general note, you should avoid providing telnet to the
outside world if at all possible, as it is extremely vulnerable to
security violation. For most purposes, ssh would be much better.
Rob.
Subject: Re: Connections to Linux Box
From: funkywizard-ga on 16 Apr 2004 04:44 PDT
 
It might be a maximum transmission unit problem. In Windows you can
get programs to reduce the MTU size. I am not familiar with this in
Linux, but there should be something similar. Different networks can
use different MTUs and usually the router should break things up that
are too big, but it won't always. So the solution, if this is the
problem, is to manually set a lower MTU on the affected PC.
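
One way to test the MTU theory from the comment above, together with the tcp_ecn setting from the clarification requests. This is an added example, not part of the original thread. It assumes Linux iputils ping (where -M do sets Don't Fragment); the function names and the 576/1500 search bounds are choices made for this example.

```shell
#!/bin/sh
# Added example: find the largest packet that crosses a path unfragmented.
# Symptom it diagnoses: small exchanges work, bulk data (ls, file transfer)
# stalls, because full-size segments are dropped and the ICMP
# "fragmentation needed" replies never reach the sender.

# probe SIZE HOST: succeeds if an echo with SIZE payload bytes and the
# Don't Fragment bit set gets a reply (Linux iputils ping assumed).
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: binary search over IPv4 packet sizes.
# Prints the largest size that passes; returns 1 if even LOW fails
# (host down, or ICMP echo filtered, so the test is inconclusive).
find_path_mtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    overhead=28    # 20-byte IPv4 header + 8-byte ICMP header
    probe $((lo - overhead)) "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - overhead)) "$host"; then
            lo=$mid            # mid fits, search above it
        else
            hi=$((mid - 1))    # mid is too big, search below it
        fi
    done
    echo "$lo"
}

# ecn_state [FILE]: print the tcp_ecn value from the path given in the
# thread, or "unknown" if it cannot be read.
ecn_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_ecn}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Usage (hostname is a placeholder), run from the outside client:
#   find_path_mtu server.example.com
```

A result below 1500 means a link on the path has a smaller MTU than the Ethernet default, which points at the router or the link behind it rather than at the Linux box.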
