Due to an issue that the 2.6.17+ kernel exemplified, all of the sites I host (annvix.org, linsec.ca, danen.ca, etc.) have been unavailable to anyone using a 2.6.17+ kernel due to a change in the way TCP window scaling was implemented, which has been noted in a number of places (here’s one: TCP Window Scaling and kernel 2.6.17+).
This issue was noticed when I set up the mock Mandriva wiki a few months ago and I could never figure out where the problem was coming from (the server is at a co-location, behind two different OpenBSD firewalls with three switches in the closet.. nevermind all the junk in front of that). Well, today it got figured out.
Turns out the issue was with an OpenBSD firewall and the interface packets to my machine were being sent through was on a gigabit intel pro card. Now, I don’t know if the problem is with the card itself or with OpenBSD’s drivers for it, but after a whole lot of trouble-shooting and shuffling things around, we finally put the network my machine is on via a different interface in the OpenBSD firewall, rebooted it, and all of a sudden all of the problems disappeared. I’ve noticed that as more people upgrade to distros shipping this new kernel, more issues were showing up… not only could regular desktop users not connect to my sites, but some sites delivering mail would timeout, etc. I’m suspecting this is due to upgrades of kernels on those machines.
Anyways, this is all fixed now. For the first time in I don’t know how long, I can visit my websites via my Mandriva desktop. Wow, is it nice to have that again! So… welcome back all you 2.6.17+ using people! It’s a nuisance that the kernel developers knew about this issue and didn’t care to do anything about it. Sure, the problem isn’t technically with the linux kernel, but when you go from 2.6.16 (which worked fine) to 2.6.17 (which didn’t) and they’re aware of it and poo-poo the situation, well… that’s not fun for anyone (it’s not like I, and many others like me, can go and tell people to change the TCP window scaling value on their desktop machine for anyone who wants to visit).
Oh well… the nuisance, for me at least, is dealt with. And I’m very glad of it.