Originally Posted by
grant.guenther
I'm not a Ubuntu user, but I found this thread while trying to resolve the same problem with Fedora 9. Seems there's a tcp option that the PCFinancial server does not like. Try:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
(or set it in /etc/sysctl.conf).
Works for me, anyway.
Thanks for this. I am still having a little trouble. I have noticed a slow connection to pcfinancial.ca for a week or two.
My system: KDE 3.5.10 / Kubunutu 8.04.1
browser: Firefox 3.03
OK, to the problem,
Code:
chris@csHome:~$ cd /proc/sys/net/ipv4/
chris@csHome:/proc/sys/net/ipv4$ sudo tcp_window_scaling
sudo: tcp_window_scaling: command not found
I also observe all the files in /proc/sys/net/ipv4/ are of size 0 bytes. Is that normal?
Lastly, I include my /etc/sysctl.conf
Code:
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# the following stops low-level messages on console
kernel.printk = 4 4 1 7
# enable /proc/$pid/maps privacy so that memory relocations are not
# visible to other users. (Added in kernel 2.6.22.)
kernel.maps_protect = 1
# Increase inotify availability
fs.inotify.max_user_watches = 524288
# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536
##############################################################3
# Functions previously found in netbase
#
# Comment the next two lines to disable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167)
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.ip_forward=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net/ipv4/icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net/ipv4/icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net/ipv4/conf/all/accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net/ipv4/conf/all/secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net/ipv4/conf/all/send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net/ipv4/conf/all/accept_source_route = 0
#
# Log Martian Packets
#net/ipv4/conf/all/log_martians = 1
#
# Always defragment packets
#net/ipv4/ip_always_defrag = 1
There is no property to enable/disable tcp_window_scaling. Where do I find this?
And lastly, why does the pcfinancial.ca secure site require this to be disabled? Sorry for all the questions!