Hi Boris Am 12.05.2020 um 19:09 schrieb Boris: > Am 12.05.20 um 19:06 schrieb Boris: >> Am 12.05.20 um 19:04 schrieb Erich Titl: >>> Hi Boris >>> >>> Am 12.05.2020 um 18:59 schrieb Boris: >>>> Am 12.05.20 um 18:51 schrieb Erich Titl: >>>>> Hi Boris >>>>> >>>>> Am 12.05.2020 um 18:46 schrieb Boris: >>>>>> Am 12.05.20 um 18:32 schrieb Erich Titl: >>>>>>> Hi Boris >>>>>>> >>>>>>> Am 12.05.2020 um 17:17 schrieb Boris: >>>>>>>> Hej Erich and Sassy, >>>>>>>> hej list, >>>>>>>> >>>>>>> .... >>>>>>> >>>>>>>>> >>>>>>>>> Yes and one suggestion in FAQ77 suggests the same. >>>>>>>>> >>>>>>>> >>>>>>>> Wow, what a success! Thank you so very much! That was the key! >>>>>>>> I wrote the two sip-helpers in DONT_LOAD in shorewall.conf and the >>>>>>>> phonecall work just perfect! >>>>>>> >>>>>>> Good >>>>>>> >>>>>>>> >>>>>>>> Now the last issue is receiving the mail.... >>>>>>>> In this case pop3s is used and the traffic is redirected to a different >>>>>>>> port as well. Is there another helper to be disabled?? >>>>>>>> >>>>>>> >>>>>>> Let us know more details about your pop3 problem. >>>>>>> >>>>>> >>>>>> Hello Erich, >>>>>> >>>>>> well, the VoIP is a great success! >>>>>> >>>>>> BUT now as we make further checks, we find _some_ silly behaviour: >>>>>> >>>>>> 1. It's not possible to send mail via 1und1 but via t-online. >>>>>> Thunderbird tells 'connected to smtp.1und1.de' but after a minute or so >>>>>> there is a timeout. Same with receiving mail at pop.1und1.de. >>>>>> >>>>>> 2. It's not possible to visit at least one Website: wieistmeineip.de >>>>> >>>>> Have a look at you MTU size, you may need to twiddle that a little. >>>>> >>>> >>>> MTU is set to 1492 . >>>> I thought 1500 is default?? >>>> >>> >>> ppp is different. >>> >>> What is your entry in shorewall.conf >>> >>> CLAMPMSS=Yes >>> >> >> Current setting is >> >> CLAMPMSS=No >> >> I'll try to switch.... >> > > agate# shorewall check > Checking using Shorewall 5.2.3.4... > Processing /etc/shorewall/params ... > Processing /etc/shorewall/shorewall.conf... > ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and > iptables /etc/shorewall/shorewall.conf (EOF) >
What is your current release on that box? I was preetty sure TCPMSS was selected, but it might be a module. On 6.2.4, which I am running on my peripheral box, SALT# lsmod | grep xt_TCPMSS xt_TCPMSS 16384 1 - Live 0xc0b69000 x_tables 20480 18 ipt_MASQUERADE,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_physdev,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_conntrack,xt_NFLOG,xt_LOG,iptable_filter,ip_tables, Live 0xc08f9000 It looks like xt_TCPMSS is a module and was not loaded at shorewall start. Try mount_modules shorewall check umount_modules Else you will have to restart shorewall cheers ET
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
