Hi Boris Am 12.05.2020 um 20:13 schrieb Boris: > Am 12.05.20 um 19:52 schrieb Erich Titl: >> Hi Boris >> >> Am 12.05.2020 um 19:47 schrieb Boris: >>> Hej Erich, >>> >>> >>> thank you VERY MUCH being online! >>> >>> Am 12.05.20 um 19:24 schrieb Erich Titl: >>>> Hi Boris >>>> >>>> Am 12.05.2020 um 19:09 schrieb Boris: >>>>> Am 12.05.20 um 19:06 schrieb Boris: >>>> ... >>>> >>>>>> >>>>> >>>>> agate# shorewall check >>>>> Checking using Shorewall 5.2.3.4... >>>>> Processing /etc/shorewall/params ... >>>>> Processing /etc/shorewall/shorewall.conf... >>>>> ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and >>>>> iptables /etc/shorewall/shorewall.conf (EOF) >>>>> >>>> >>>> What is your current release on that box? I was preetty sure TCPMSS was >>>> selected, but it might be a module. >>>> >>>> On 6.2.4, which I am running on my peripheral box, >>> >>> I have to admit: I'm still on 6.1.3 >>> >>>> SALT# lsmod | grep xt_TCPMSS >>>> xt_TCPMSS 16384 1 - Live 0xc0b69000 >>>> x_tables 20480 18 >>>> ipt_MASQUERADE,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_physdev,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_conntrack,xt_NFLOG,xt_LOG,iptable_filter,ip_tables, >>>> Live 0xc08f9000 >>>> >>>> It looks like xt_TCPMSS is a module and was not loaded at shorewall start. >>>> >>>> Try >>>> >>>> mount_modules >>>> shorewall check >>>> umount_modules >>> >>> YES! Configuration is validated (with CLAMPMSS=1300 from SASSY). >>> And Shorewall is restarted. >>> >>> And yes: It seems to work! Mail receiving an sending is possible. And >>> also, the wieistmeineip.de is doing good! >>> >>> So I should make that module persistent and will do further testing. >> >> I _believe_ if you set CLAMPMSS=Yes, possiply also CLAMPMSS=<value>, >> shorewall will load the module at start. >> > > I wrote it to /etc/modules and stepped back to CLAMPMSS=No to have a > cross check.
It does not make a difference but I suggest to let shorewall load the module at start, which you will have if there is Yes (or a value) at CLAMPMSS. cheers ET
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
