Juan Guillermo Fernández V.
2004-Sep-22 13:16 UTC
Trouble with mails and connections through ADSL
Hello everyone, first time poster, four month shorewaller ;)

As the subject states, I've been experiencing the infamous trouble described in the next excerpt from shorewall.conf

# MSS CLAMPING
#
# Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
# option. This option is most commonly required when your internet
# interface is some variant of PPP (PPTP or PPPoE). Your kernel must
# have CONFIG_IP_NF_TARGET_TCPMSS set.
#
# [From the kernel help:
#
# This option adds a `TCPMSS' target, which allows you to alter the
# MSS value of TCP SYN packets, to control the maximum size for that
# connection (usually limiting it to your outgoing interface's MTU
# minus 40).
#
# This is used to overcome criminally braindead ISPs or servers which
# block ICMP Fragmentation Needed packets. The symptoms of this
# problem are that everything works fine from your Linux
# firewall/router, but machines behind it can never exchange large
# packets:
# 1) Web browsers connect, then hang with no data received.
# 2) Small mail works fine, but large emails hang.
# 3) ssh works fine, but scp hangs after initial handshaking.
# ]
#
# If left blank, or set to "No" or "no", the option is not enabled.
#
CLAMPMSS=Yes

As you can see, I've activated the option, but to no result whatsoever. I've checked my kernel config, and it states that CONFIG_IP_NF_TARGET_TCPMSS is a loadable module, that should be loaded on demand.

my kernel info (uname -a) on RH 7.3

Linux Hades 2.4.20-30.7.legacy #1 Fri Feb 20 14:31:41 PST 2004 i686 unknown

any idea why this module isn't getting loaded as it should? Maybe I should force it with some other parameter, perhaps a line in /etc/modules.conf ?

Thanks in advance for any help!
> Hello everyone, first time poster, four month shorewaller ;)
>
> As the subject states, I've been experiencing the infamous trouble
> described in the next excerpt from shorewall.conf
>
> # MSS CLAMPING
> #
> # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
> # option. This option is most commonly required when your internet
> # interface is some variant of PPP (PPTP or PPPoE). Your kernel must
> # have CONFIG_IP_NF_TARGET_TCPMSS set.
> #
> # [From the kernel help:
> #
> # This option adds a `TCPMSS' target, which allows you to alter the
> # MSS value of TCP SYN packets, to control the maximum size for that
> # connection (usually limiting it to your outgoing interface's MTU
> # minus 40).
> #
> # This is used to overcome criminally braindead ISPs or servers which
> # block ICMP Fragmentation Needed packets. The symptoms of this
> # problem are that everything works fine from your Linux
> # firewall/router, but machines behind it can never exchange large
> # packets:
> # 1) Web browsers connect, then hang with no data received.
> # 2) Small mail works fine, but large emails hang.
> # 3) ssh works fine, but scp hangs after initial handshaking.
> # ]
> #
> # If left blank, or set to "No" or "no", the option is not enabled.
> #
> CLAMPMSS=Yes
>
> As you can see, I've activated the option, but to no result whatsoever.
> I've checked my kernel config, and it states that
> CONFIG_IP_NF_TARGET_TCPMSS is a loadable module, that should be loaded
> on demand.
>
> my kernel info (uname -a) on RH 7.3
>
> Linux Hades 2.4.20-30.7.legacy #1 Fri Feb 20 14:31:41 PST 2004 i686 unknown
>
> any idea why this module isn't getting loaded as it should? Maybe I should
> force it with some other parameter, perhaps a line in /etc/modules.conf ?

Did you try adding it to /etc/shorewall/modules ?

Simon

> Thanks in advance for any help!
Simon Matter wrote:

> > CLAMPMSS=Yes
> >
> > As you can see, I've activated the option, but to no result whatsoever.
> > I've checked my kernel config, and it states that
> > CONFIG_IP_NF_TARGET_TCPMSS is a loadable module, that should be loaded
> > on demand.
> >
> > my kernel info (uname -a) on RH 7.3
> >
> > Linux Hades 2.4.20-30.7.legacy #1 Fri Feb 20 14:31:41 PST 2004 i686 unknown
> >
> > any idea why this module isn't getting loaded as it should? Maybe I should
> > force it with some other parameter, perhaps a line in /etc/modules.conf ?
>
> Did you try adding it to /etc/shorewall/modules ?

Folks -- if the code wasn't in Juan's kernel (either as a module or compiled in), Shorewall wouldn't start.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
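Added example, not part of the original thread and not Shorewall or kernel code: a Python sketch of what the kernel help quoted in the first message describes, lowering the MSS option of a TCP SYN to the outgoing interface's MTU minus 40 and fixing the TCP checksum to match. The names clamp_mss, csum_update and SAMPLE_SYN are hypothetical, and the sample segment is constructed.

```python
import struct

IP_TCP_OVERHEAD = 40  # "MTU minus 40": 20-byte IPv4 header + 20-byte TCP header

# Constructed sample: SYN from port 40000 to port 25 advertising MSS 1460.
# The checksum field is left at zero here; callers fill it in.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, 0x60, 0x02, 5840, 0, 0) \
    + bytes([2, 4]) + struct.pack("!H", 1460)

def csum_update(csum: int, old: int, new: int) -> int:
    """Incrementally fix a 16-bit Internet checksum (RFC 1624, eqn. 3)."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, out_mtu: int) -> bytes:
    """Lower the MSS option of a SYN segment to out_mtu - 40; else return it unchanged."""
    if len(tcp) < 20 or not tcp[13] & 0x02:      # MSS is only sent on SYN / SYN-ACK
        return tcp
    limit = out_mtu - IP_TCP_OVERHEAD
    hdr_len = (tcp[12] >> 4) * 4                 # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(tcp):
        return tcp                               # malformed header: leave untouched
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                                # truncated or bogus option length
        if kind == 2 and tcp[i + 1] == 4:        # MSS option: kind=2, len=4, 16-bit value
            if struct.unpack_from("!H", tcp, i + 2)[0] <= limit:
                return tcp                       # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            # The value may straddle two 16-bit words when a NOP precedes the option.
            for w in range((i + 2) & ~1, (i + 5) & ~1, 2):
                csum = csum_update(csum, struct.unpack_from("!H", tcp, w)[0],
                                   struct.unpack_from("!H", out, w)[0])
            struct.pack_into("!H", out, 16, csum)
            return bytes(out)
        i += tcp[i + 1]
    return tcp
```

With an assumed PPPoE MTU of 1492, clamp_mss(SAMPLE_SYN, 1492) rewrites the advertised MSS from 1460 to 1452, so the remote end never sends a segment that would need the ICMP Fragmentation Needed message the ISP is dropping.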