Hey, I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. I seem to be getting weird timeout issues (mainly for whois lookups). See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 It is only a problem in my internal network, and works fine directly from the firewall itself. Any ideas where I can start looking? What debugging options I can look at setting to get the right logs etc. Cheers, Hugh ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 2012-12-12 22:28, Hugh Davenport wrote:> Hey, > > I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. > > I seem to be getting weird timeout issues (mainly for whois lookups). > See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 > It is only a problem in my internal network, and works fine directly > from the firewall itself. > > Any ideas where I can start looking? What debugging options I can look > at setting to get the right logs etc.Just a note, I see similar issues were had on http://forums.gentoo.org/viewtopic-t-922026-start-0.html> > Cheers, > > Hugh > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add > services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 12/12/2012 01:28 AM, Hugh Davenport wrote:> Hey, > > I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. > > I seem to be getting weird timeout issues (mainly for whois lookups). > See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 > It is only a problem in my internal network, and works fine directly > from the firewall itself. > > Any ideas where I can start looking? What debugging options I can look > at setting to get the right logs etc.Try setting CLAMPMSS=Yes in shorewall6.conf. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 2012-12-13 05:16, Tom Eastep wrote:> On 12/12/2012 01:28 AM, Hugh Davenport wrote: >> Hey, >> >> I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. >> >> I seem to be getting weird timeout issues (mainly for whois lookups). >> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 >> It is only a problem in my internal network, and works fine directly >> from the firewall itself. >> >> Any ideas where I can start looking? What debugging options I can >> look >> at setting to get the right logs etc. > > Try setting CLAMPMSS=Yes in shorewall6.conf.Works a charm thanks Tom :D. This seems like it could be a common occurance to some, maybe something for the FAQ? Cheers, Hugh> > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add > services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 12/12/12 11:24 AM, Hugh Davenport wrote:> On 2012-12-13 05:16, Tom Eastep wrote: >> On 12/12/2012 01:28 AM, Hugh Davenport wrote: >>> Hey, >>> >>> I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. >>> >>> I seem to be getting weird timeout issues (mainly for whois lookups). >>> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 >>> It is only a problem in my internal network, and works fine directly >>> from the firewall itself. >>> >>> Any ideas where I can start looking? What debugging options I can >>> look >>> at setting to get the right logs etc. >> >> Try setting CLAMPMSS=Yes in shorewall6.conf. > > Works a charm thanks Tom :D. This seems like it could be a common > occurance > to some, maybe something for the FAQ?It''s FAQ #33 -- been there for years. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 2012-12-13 09:36, Tom Eastep wrote:> On 12/12/12 11:24 AM, Hugh Davenport wrote: >> On 2012-12-13 05:16, Tom Eastep wrote: >>> On 12/12/2012 01:28 AM, Hugh Davenport wrote: >>>> Hey, >>>> >>>> I''m using shorewall6 to do my firewalling, and have a SiXxs tunnel. >>>> >>>> I seem to be getting weird timeout issues (mainly for whois >>>> lookups). >>>> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695749 >>>> It is only a problem in my internal network, and works fine >>>> directly >>>> from the firewall itself. >>>> >>>> Any ideas where I can start looking? What debugging options I can >>>> look >>>> at setting to get the right logs etc. >>> >>> Try setting CLAMPMSS=Yes in shorewall6.conf. >> >> Works a charm thanks Tom :D. This seems like it could be a common >> occurance >> to some, maybe something for the FAQ? > > It''s FAQ #33 -- been there for years.xD, sorry about that, skipped over it as I was thinking it was IPv6 specific... Sorry to bother your time ;) Cheers, Hugh> > -Tom > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add > services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
On 12/12/12 12:55 PM, Hugh Davenport wrote:> On 2012-12-13 09:36, Tom Eastep wrote: >> It''s FAQ #33 -- been there for years. > > xD, sorry about that, skipped over it as I was thinking it was > IPv6 specific... > > Sorry to bother your time ;) >Not a problem -- just glad it worked for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d