-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 6/26/20 4:48 PM, Vieri Di Paola wrote:
> Hi,
>
> When I see packets going out an external interface on a Shorewall
> gateway ('net' ppp interface) and nothing coming back, what can
> that mean?
>
> In the dump below, 1.1.1.1 is my ppp interface's IP address and
> 2.2.2.2 is an Internet IP address a client browser in the LAN is
> trying to connect to.
>
> IP 1.1.1.1.42829 > 2.2.2.2.80: Flags [S], seq 2591556487, win
> 64240, options [mss 1452,sackOK,TS val 836437644 ecr 0,nop,wscale
> 7], length 0 IP 1.1.1.1.58787 > 2.2.2.2.80: Flags [S], seq
> 423725894, win 64240, options [mss 1452,sackOK,TS val 836439874 ecr
> 0,nop,wscale 7], length 0 IP 1.1.1.1.58787 > 2.2.2.2.80: Flags [S],
> seq 423725894, win 64240, options [mss 1452,sackOK,TS val 836440898
> ecr 0,nop,wscale 7], length 0 IP 1.1.1.1.58787 > 2.2.2.2.80: Flags
> [S], seq 423725894, win 64240, options [mss 1452,sackOK,TS val
> 836442978 ecr 0,nop,wscale 7], length 0 IP 1.1.1.1.58787 >
> 2.2.2.2.80: Flags [S], seq 423725894, win 64240, options [mss
> 1452,sackOK,TS val 836447031 ecr 0,nop,wscale 7], length 0
>
> I see nothing in the shorewall log related to 2.2.2.2, and I have
> no rule blocking it.
>
> What should I be looking for?
Can other hosts connect to this site out of the ppp interface?
>
> I have CLAMPMSS=Yes on this Shorewall gateway.
>
That isn't relevant to this problem. Path MTU problems show up when
data is being transferred and not during the initial TCP handshake.
- -Tom
- --
Tom Eastep \ Q: What do you get when you cross a mobster
Shoreline, \ with an international standard?
Washington, USA \ A: Someone who makes you an offer you
http://shorewall.org \ can't understand
\________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl731cAACgkQluaz8kI6
TRAkyhAArZ16tJ5DoRxa9l4RgpDSM/Amj2TWEKwu4XXRd8xzzAD/S/l2kM7xanOP
m4krYU5AOirE/nmSKfv6rWNGLnfnYjTQ/AmA/oAnxj6gdOquB+UBNbHGQ12GkWii
9jaA1BgE8hneSSp9C9PXEG1iX6vGZjSOyj8kQ7/WM1+9LEQV620ho0XdWDmXNDxo
xWq3TcOAUs7PD1+PC5Lnz91Kfe3Jx46l8aq3VqizzU1ewsJOawiJ/GS3zoyZDw5X
XJc/0hSnWnl1alnqzcWHmndHSQpZxTc5B83tzamhZbqXDa7IRjdtTQyNXUvIDtEC
99BDJZBw0gwdU8z5Hqn9WuBH92D9rKm/phka9SyvC7h35qT51KVh2qIv6qjI/B4f
cpu2Aow0u4OKkwq0HaRLH4orU2XRjElXNwSfEpRChyrMwjKBAs7A1mXDLm3WS3jW
Mi0ik3IpmqVP/k/90kcsbmobrMK6OpSwRrp6mbNa8FJSiqyiKakR8bMLpaggPTzJ
xTg4ALLh82PiETXfOsi/FC5QSChw3QqBtCJK9J78Lvvbv13BpDKe7/LHD4QUYaLl
RXs0a8YP1H73jyJt5+Abv+FYVadaVwWrWljtQsi6I860lq+/AvJKfGoerSgTpSSR
bcjWBrLs9sxCAJtQlPZ99oOOClTibiOc+oGnKjIwx4egcUk01W8=
=SEYy
-----END PGP SIGNATURE-----
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
