I'm using the x86 image but because Bob reported the i686 to work I've downloaded Bering-uClibc_6.0.0_i686_syslinux_serial115200.tar.gz and installed it on a fresh flash drive. Booted it up with the pristine config and the only thing I've changed is to set CLAMPMSS=Yes.
Must be something obvious... but not obvious enough for me to see it... LEAF Bering-uClibc 6.0.0 Rev 1 uClibc 1.0.17 at firewall Linux 4.4.26-i686 #1 SMP Thu Oct 20 13:37:15 CEST 2016 firewall# vi shorewall.conf firewall# shorewall restart Compiling using Shorewall 5.0.12.1... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and iptables firewall# shorewall show capabilities Shorewall has detected the following iptables/netfilter capabilities: ACCOUNT Target (ACCOUNT_TARGET): Not available AUDIT Target (AUDIT_TARGET): Not available Address Type Match (ADDRTYPE): Available Amanda Helper: Available Arptables JF (ARPTABLESJF): Not available Basic Ematch (BASIC_EMATCH): Not available Basic Filter (BASIC_FILTER): Not available CLASSIFY Target (CLASSIFY_TARGET): Not available CONNMARK Target (CONNMARK): Not available CT Target (CT_TARGET): Available Capabilities Version (CAPVERSION): 50004 Checksum Target (CHECKSUM_TARGET): Not available Comments (COMMENTS): Available Condition Match (CONDITION_MATCH): Not available Connection Tracking Match (CONNTRACK_MATCH): Available Connlimit Match (CONNLIMIT_MATCH): Not available Connmark Match (CONNMARK_MATCH): Not available DSCP Match (DSCP_MATCH): Not available DSCP Target (DSCP_TARGET): Not available Enhanced Multi-port Match (EMULIPORT): Available Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH): Available Extended MARK Target (XMARK): Available Extended MARK Target 2 (EXMARK): Available Extended Multi-port Match (XMULIPORT): Available Extended REJECT (ENHANCED_REJECT): Available FLOW Classifier (FLOW_FILTER): Not available FTP Helper: Available FTP-0 Helper: Not available Geo IP Match (GEOIP_MATCH): Not available Goto Support (GOTO_TARGET): Available H323 Helper: Available Hashlimit Match (HASHLIMIT_MATCH): Not available Header Match (HEADER_MATCH): Not available Helper Match (HELPER_MATCH): Not available IMQ Target (IMQ_TARGET): Not available IP range Match(IPRANGE_MATCH): Not available IPMARK Target (IPMARK_TARGET): Not available IPP2P Match (IPP2P_MATCH): Not available IRC Helper: Available IRC-0 Helper: Not available Iface Match (IFACE_MATCH): Not available Kernel Version (KERNELVERSION): 40426 LOG Target (LOG_TARGET): Available LOGMARK Target (LOGMARK_TARGET): Not available MARK Target (MARK): Available MASQUERADE Target (MASQUERADE_TGT): Available Mangle FORWARD Chain (MANGLE_FORWARD): Available Mark in the filter table (MARK_ANYWHERE): Available Multi-port Match (MULTIPORT): Available NAT (NAT_ENABLED): Available NFAcct Match: Not available NFLOG Target (NFLOG_TARGET): Available NFQUEUE Target (NFQUEUE_TARGET): Not available Netbios_ns Helper: Available New tos Match (NEW_TOS_MATCH): Not available Owner Match (OWNER_MATCH): Not available Owner Name Match (OWNER_NAME_MATCH): Not available PPTP Helper: Available Packet Mangling (MANGLE_ENABLED): Available Packet Type Match (USEPKTTYPE): Not available Packet length Match (LENGTH_MATCH): Not available Persistent SNAT (PERSISTENT_SNAT): Not available Physdev Match (PHYSDEV_MATCH): Not available Physdev-is-bridged Support (PHYSDEV_BRIDGE): Not available Policy Match (POLICY_MATCH): Not available RPFilter Match (RPFILTER_MATCH): Not available Raw Table (RAW_TABLE): Available Rawpost Table (RAWPOST_TABLE): Not available Realm Match (REALM_MATCH): Not available Recent Match "--reap" option (REAP_OPTION): Available Recent Match (RECENT_MATCH): Available Repeat match (KLUDGEFREE): Not available SANE Helper: Available SANE-0 Helper: Not available SIP Helper: Available SIP-0 Helper: Not available SNMP Helper: Available Statistic Match (STATISTIC_MATCH): Not available TARPIT Target (TARPIT_TARGET): Not available TCPMSS Match (TCPMSS_MATCH): Not available TCPMSS Target (TCPMSS_TARGET): Not available TFTP Helper: Available TFTP-0 Helper: Not available TPROXY Target (TPROXY_TARGET): Not available Time Match (TIME_MATCH): Not available UDPLITE Port Redirection (UDPLITEREDIRECT): Not available ULOG Target (ULOG_TARGET): Not available fwmark route mask (FWMARK_RT_MASK): Available ipset V5 (IPSET_V5): Not available iptables --wait option (WAIT_OPTION): Available iptables -S (IPTABLES_S): Available firewall# lsmod | grep TCPMSS firewall# apkg -l initrd 6.0.0 Rev 1 uClibc 1.0.17 root 6.0.0 Rev 1 uClibc 1.0.17 config 0.8 Rev 8 uClibc 1.0.17 etc 6.0.0 Rev 1 uClibc 1.0.17 modules 4 Rev 1 uClibc 1.0.17 license 1 Rev 8 uClibc 1.0.17 local 3.0 Rev 2 uClibc 1.0.17 dhcpcd 6.11.5 Rev 1 uClibc 1.0.17 keyboard 1.1 Rev 2 uClibc 1.0.17 shorwall 5.0.12.1 Rev 1 uClibc 1.0.17 iptables 1.4.21 Rev 3 uClibc 1.0.17 perl 5.24.0 Rev 1 uClibc 1.0.17 libdigest-sha1-perl 2.13 Rev 4 uClibc 1.0.17 ulogd 2.0.5 Rev 1 uClibc 1.0.17 libnfnetlink 1.0.1 Rev 1 uClibc 1.0.17 libnetfilter_log 1.0.1 Rev 1 uClibc 1.0.17 libnetfilter_conntrack 1.0.6 Rev 1 uClibc 1.0.17 libnetfilter_acct 1.0.2 Rev 1 uClibc 1.0.17 shorwall6 5.0.12.1 Rev 1 uClibc 1.0.17 dnsmasq 2.76 Rev 1 uClibc 1.0.17 dropbear 2016.74 Rev 1 uClibc 1.0.17 mhttpd 1.25 Rev 1 uClibc 1.0.17 webconf 1.2 Rev 4 uClibc 1.0.17 configdb firewall# On Wed, Nov 23, 2016 at 7:31 PM, kp kirchdoerfer < kap...@users.sourceforge.net> wrote: > Hi Sven; > > Am Dienstag, 22. November 2016, 21:43:48 schrieb Sven Kirmess: > > I get this error message when I try to enable CLAMPMSS=Yes. This worked > > with LEAF Bering-uClibc 5.2.5 but doesn't work with LEAF Bering-uClibc > > 6.0.0. > > > > Was something in the kernel changed or did I do something wrong with the > > migration? > > It does work for me. > > How did you migrate? > > What does > shorewall show capabilities > > show? > > And > lsmod | grep TCPMSS > > And of course > apkg -l > > kp > > ------------------------------------------------------------ > ------------------ > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > ------------------------------------------------------------------------------ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
