Tom Eastep wrote:
Philipp Rusch wrote:
Hello Tom,

I did what you suggested:
a) Does everything work if you "shorewall clear" then run this command?

        iptables -A FORWARD -j TCPMSS --set-mss 1400

   If it doesn't, then the problem has nothing to do with Shorewall
I get an error: "iptables: Unknown error 18446744073709551615"

What does that mean? Is my kernel broken?
OK - googled for that error and found some discussion in
lists.netfilter.org ...
but, to be honest, I don't understand/know what to do now.


It's an old bug that has been fixed for months that the "Enterprise"
distributions are just now encountering.

At any rate, the command I gave you was incomplete. It should have been:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Sorry for the confusion,

-Tom
Tom,

I did shorewall clear and then the command above.
Ipsec-tunnel was running all the time, I did ping from "inside" to "remote" - no replies. But the packets don't go to the ipsec-zone "fil"; they are handled in the all2all chain.
What can I do to further investigate that setup?
BTW - this morning I had to do a complete restart of the firewall system - a thing I never had to do with shorewall so far. Did not have any error in var/logs/firewall nor in /var/logs/messages, system just did not accept any dns-requests, which are just to be natted and routed to the ISP over there. - Strange -
Could this hiccup be the result of my faulty ipsec-setup?
--

Kind regards,
Philipp Rusch
