Am 12.05.20 um 19:52 schrieb Erich Titl: > Hi Boris > > Am 12.05.2020 um 19:47 schrieb Boris: >> Hej Erich, >> >> >> thank you VERY MUCH being online! >> >> Am 12.05.20 um 19:24 schrieb Erich Titl: >>> Hi Boris >>> >>> Am 12.05.2020 um 19:09 schrieb Boris: >>>> Am 12.05.20 um 19:06 schrieb Boris: >>> ... >>> >>>>> >>>> >>>> agate# shorewall check >>>> Checking using Shorewall 5.2.3.4... >>>> Processing /etc/shorewall/params ... >>>> Processing /etc/shorewall/shorewall.conf... >>>> ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and >>>> iptables /etc/shorewall/shorewall.conf (EOF) >>>> >>> >>> What is your current release on that box? I was preetty sure TCPMSS was >>> selected, but it might be a module. >>> >>> On 6.2.4, which I am running on my peripheral box, >> >> I have to admit: I'm still on 6.1.3 >> >>> SALT# lsmod | grep xt_TCPMSS >>> xt_TCPMSS 16384 1 - Live 0xc0b69000 >>> x_tables 20480 18 >>> ipt_MASQUERADE,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_physdev,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_conntrack,xt_NFLOG,xt_LOG,iptable_filter,ip_tables, >>> Live 0xc08f9000 >>> >>> It looks like xt_TCPMSS is a module and was not loaded at shorewall start. >>> >>> Try >>> >>> mount_modules >>> shorewall check >>> umount_modules >> >> YES! Configuration is validated (with CLAMPMSS=1300 from SASSY). >> And Shorewall is restarted. >> >> And yes: It seems to work! Mail receiving an sending is possible. And >> also, the wieistmeineip.de is doing good! >> >> So I should make that module persistent and will do further testing. > > I _believe_ if you set CLAMPMSS=Yes, possiply also CLAMPMSS=<value>, > shorewall will load the module at start. >
I wrote it to /etc/modules and stepped back to CLAMPMSS=No to have a cross check. Perfect! Mail receive does not work with CLAMPMSS=No and does with CLAMPMSS=Yes! I guess that's it! You made it! I am very lucky and full of thanks!! Boris _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users