Bumped into a problem where my firewall was refusing connections from a linux machine, found the reason and thought I would share:
saw similar problems around last august (i think) .. hotmail was refusing connections from one of my linux boxes. a bit of research showed me the following:

: : http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698
: :
: : Bug ID: CSCds23698
: : Headline: PIX sends RSET in response to tcp connections with ECN bits set
: : Product: PIX
: : Component: fw
: : Severity: 2 Status: R [Resolved]
: : Version Found: 5.1(1)
: : Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200)
:
: fixes have been incorporated for a number of different release trains for the pix.
:
: Fixed-In Version now covers releases:
: 5.1(2.206), 5.1(2.207), 5.2(1.200), 6.0(0.100), 5.2(3.210)
:
: NB. it has been posted that Raptor firewalls will also apparently fail to allow connections with ECN bits set.

the workaround i was using was:

    echo "0" >/proc/sys/net/ipv4/tcp_ecn

(though i was kind of pissed i had to even use a workaround and those sites were being too stubborn to fix their gear).

cheers.
-ken harris.
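
To tell this ECN problem apart from an ordinary refused connection, look in a packet capture for a SYN carrying the ECE and CWR bits that the peer answers with RST. The following is an added example, not part of the original posts; the function names, ports and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits, byte 13 of the TCP header (RFC 793, extended by RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample, checksum 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def parse(header):
    """Return (sport, dport, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack_from("!HH", header, 0)
    return sport, dport, header[13]

def is_ecn_setup_syn(flags):
    """RFC 3168 ECN-setup SYN: SYN with ECE and CWR both set, ACK clear."""
    return (flags & (SYN | ACK | ECE | CWR)) == (SYN | ECE | CWR)

def classify(headers):
    """Classify one connection attempt from its TCP headers, in capture order."""
    syn = None
    for h in headers:
        sport, dport, flags = parse(h)
        if syn is None:
            if flags & SYN and not flags & ACK:
                syn = (sport, dport, is_ecn_setup_syn(flags))
            continue
        c_sport, c_dport, ecn = syn
        if (sport, dport) != (c_dport, c_sport):
            continue  # not from the peer, e.g. a retransmitted SYN
        if flags & RST:
            return "ecn-syn-reset" if ecn else "reset"
        if flags & SYN and flags & ACK:
            if not ecn:
                return "plain"
            # ECN-setup SYN-ACK has ECE set and CWR clear
            ok = flags & ECE and not flags & CWR
            return "ecn-negotiated" if ok else "ecn-declined"
    return "incomplete"

# Constructed captures (not real traffic): client port 40000, server port 25.
BLOCKED = [tcp_header(40000, 25, SYN | ECE | CWR), tcp_header(25, 40000, RST | ACK)]
WORKAROUND = [tcp_header(40000, 25, SYN), tcp_header(25, 40000, SYN | ACK)]

if __name__ == "__main__":
    print(classify(BLOCKED))     # SYN with ECN bits, answered by RST
    print(classify(WORKAROUND))  # tcp_ecn=0: plain SYN, handshake proceeds
```

A result of "ecn-syn-reset" from a host that connects normally once tcp_ecn is set to 0 points at a middlebox in the path rather than at the service itself.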