Juan Guillermo Fernández V.
2004-Sep-22 20:03 UTC
Re: Shorewall-users Digest, Vol 22, Issue 47
I said:> # MSS CLAMPING > # Your kernel must have CONFIG_IP_NF_TARGET_TCPMSS set. > > I''ve activated the option, but to no result watsoever. > Checked my kernel config, and it states that CONFIG_IP_NF_TARGET_TCPMSS isa> loadable module, that should be loaded on demand. >Simon said:> Did you try adding it to /etc/shorewall/modules ?Actually, no I didn''t, so I''ve just tryed it. Found the module: /lib/modules/2.4.20-30.7.legacy/kernel/net/ipv4/netfilter/ipt_tcpmss.o so, I added this line to /etc/shorewall/modules loadmodule ipt_tcpmss so my modules file looks like this now: loadmodule ip_tables loadmodule iptable_filter loadmodule ipt_tcpmss # This one I added loadmodule ip_conntrack loadmodule ip_conntrack_ftp loadmodule ip_conntrack_tftp loadmodule ip_conntrack_irc loadmodule iptable_nat loadmodule ip_nat_ftp loadmodule ip_nat_tftp loadmodule ip_nat_irc Restarted shorewall, but to no effect at all. Now, It may be that I loaded the module to soon, or too late (maybe a diferent placement on the load modules list), or a conflict with some other module; but at least on the booting process nothing looked abnormal. By the way, my connection is ADSL, but no pppoe protocol. It works as a cablemodem, as a transparent bridge for the NIC. thanks again for any help.
On Wed, 2004-09-22 at 16:03 -0400, Juan Guillermo Fernández V. wrote:> > Did you try adding it to /etc/shorewall/modules ? > > Actually, no I didn''t, so I''ve just tryed it. Found the module: > > /lib/modules/2.4.20-30.7.legacy/kernel/net/ipv4/netfilter/ipt_tcpmss.o > > so, I added this line to /etc/shorewall/modules > > loadmodule ipt_tcpmss > > Restarted shorewall, but to no effect at all. Now, It may be that I loaded > the module to soon, or too late (maybe a diferent placement on the load > modules list), or a conflict with some other module; but at least on the > booting process nothing looked abnormal. >As Tom indicated earlier, the module should autoload. What does /sbin/lsmod tell you? Is it loaded there? How about dmesg, does it log any errors? I think we can start asking for the relevant information in http://www.shorewall.net/support.htm. -- David Hollis <dhollis@davehollis.com>
On Wednesday 22 September 2004 14:41, David Hollis wrote:> On Wed, 2004-09-22 at 16:03 -0400, Juan Guillermo Fernández V. wrote: > > > Did you try adding it to /etc/shorewall/modules ? > > > > Actually, no I didn''t, so I''ve just tryed it. Found the module: > > > > /lib/modules/2.4.20-30.7.legacy/kernel/net/ipv4/netfilter/ipt_tcpmss.o > > > > so, I added this line to /etc/shorewall/modules > > > > loadmodule ipt_tcpmss > > > > Restarted shorewall, but to no effect at all. Now, It may be that I > > loaded the module to soon, or too late (maybe a diferent placement on the > > load modules list), or a conflict with some other module; but at least on > > the booting process nothing looked abnormal. > > As Tom indicated earlier, the module should autoload.And more importantly, if the module doesn''t load properly then "shorewall start" will fail. Given that "shorewall start" succeeds, the whole TCPMSS module loading question is irrelevant to the root cause of the problem. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key