Hello Tom, now here''s my dump file as .zip attachment, but named .txt, because the list-server rejected the .zip, then my second try (uncompressed) was rejected because of the size. What I was doing is connecting from remote side of an ipsec tunnel (behind gw 212.168.178.226), from a windows machine with 192.168.246.20 to the firewall-system (remote ip 217.19.188.182 / internal ip is 192.168.115.254), using PuTTY as SSH-client. I can login, but as soon as I start something that produces "traffic" my session hangs (mc for example). Thanks for your time. Regards, -- Mit freundlichen Grüßen, Philipp Rusch ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Philipp Rusch wrote:> Hello Tom, > > now here''s my dump file as .zip attachment, but named .txt, because the > list-server rejected the .zip, > then my second try (uncompressed) was rejected because of the size. > What I was doing is connecting from remote side of an ipsec tunnel > (behind gw 212.168.178.226), from > a windows machine with 192.168.246.20 to the firewall-system (remote ip > 217.19.188.182 / internal ip > is 192.168.115.254), using PuTTY as SSH-client. > I can login, but as soon as I start something that produces "traffic" > my session hangs (mc for example).I don''t see anything wrong with your Shorewall configuration. Incoming traffic is being sent through n012fw (correct) and output traffic is going through fw2n01 (also correct). TCPMSS setting appears to be working correctly, setting MSS to 1400 (two packets matched your TCPMSS output rule). Looks like you are going to have to analyze the problem with a packet sniffer. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Seemingly Similar Threads
- interop with strongswan / ipsec
- Shorewall 3.4.x - Error when (re) starting - segmentation fault
- Re: [strongSwan] Interop problem Linksys WRV200 with Strongswan 4.1.3 / PSK
- Problem with bridging/routing on three interfaces and DNAT
- creating a static route (SUSE 10)