Tom Eastep wrote:
Philipp Rusch wrote:
Tom Eastep wrote:
Philipp Rusch wrote:
Hello Tom,

I did what you suggested:
a) Does everything work if you "shorewall clear" then run this command?

        iptables -A FORWARD -j TCPMSS --set-mss 1400

   If it doesn't, then the problem has nothing to do with Shorewall
I get an error: "iptables: Unknown error 18446744073709551615"

What does that mean? Is my kernel broken?
OK - googled for that error and found some discussion in
lists.netfilter.org ...
but, to be honest, I don't understand/know what to do now.

It's an old bug that has been fixed for months that the "Enterprise"
distributions are just now encountering.

At any rate, the command I gave you was incomplete. It should have been:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Sorry for the confusion,

-Tom
Tom,

I did shorewall clear and then the command above.
Ipsec-tunnel was running all the time, I did ping from "inside" to
"remote" - no replies.

So FIX THAT FIRST! I'll tell you once more; if it doesn't work without
Shorewall then it isn't going to work with Shorewall. Once you make it work
without Shorewall, THEN if it won't work with Shorewall then we can help
you. Not before.

But the packets don't go to the ipsec-zone "fil"; they are handled in
the all2all chain.
What can I do to further investigate that setup?

Philipp -- I've told you what to do. My post had 3 steps, the third of which was

c) If you can't solve the problem by looking at your log then please
follow the instructions at http://www.shorewall.net/support.htm#Guidelines

BTW - this morning I had to do a complete restart with the firewall
system - a thing I never had to do with shorewall so far. Did not have
any error in var/logs/firewall nor in /var/logs/messages, system just did
not accept any dns-request, which are just to be natted and routed to the
ISP over there. - Strange -
Could this hiccup be the result of my faulty ipsec-setup?

How could we possibly know? All we have seen are snippets of your Shorewall
configuration.

-Tom
------------------------------------------------------------------------
Tom,
I didn't get this mail until now... strange

Regards from Germany,

--

Kind regards,
Philipp Rusch

