similar to: Re: NAT

Clients: Some sites just show the top area not the full page. Some sites cant be reached at all. I think it 90% may be the MTU/MSS problem. But I already have set the shorewall.conf CLAMPMSS=1400 or CLAMPMSS=Yes, but it doest make things good. I would be mad. Anybody helps me would so appreciated! If you want know more info. to diag my problem, I would be please to.

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Try removing all MTU related settings from both sides. Allow tinc to learn on its own. " PMTU = 1436 ClampMSS = yes PMTUDiscovery = yes" in the config, " Address Family = ipv4" is likely not necessary, i would recommend removing it. " Device = /dev/net/tun" should not be used, unless tinc is having issues locating the tun device. however " DeviceType =

Hello! I'm using i868 (Pentium III) machine running Windows 2000 and running Linux, installed on dedicated partition, in parallel via VMWare. Linux config is RedHat 7.0 (kernel ) As I'm pretty new to Linux, I'd like to know exact procedure how to install ext3 filesystem support (also which packages do I need). My kernel config is as follows: kernel-headers-2.2.14-5.0

Am 23.06.2020 09:28, schrieb Marek Greško: Hi > if you need clampmss then it is highly probable there is a PMTU > discovery problem. The clampmss does not work for UDP. Is there a way to check if I have this problem? > I probably counted the size incorrectly. So you are able to ping with > size 1464 and not with 1466. How about trying same ping sizes from the > internet towards

> Currently, i have nodes with PMTUDiscovery =yes and ClampMSS = yes. Hello, these features were introduced in 1.0.13 correct ?? I also understand that the two settings are by default "yes" if not explictly set to "no" in the config file. what may happen if I have a network with mixed versions from 1.0.11 and 1.0.13, where the older daemons do not implement that feature

Attached is a zlib advisory and a debug dump of ssh with compression enabled. Most of the debug is superflous, so I have underlined the two points to look at. When creating an ssh connection, compression on the line is done *before* authentication -- This means an unauthorized attacker could, conceivable, leverage root access by connecting with to the ssh server requesting zlib compression and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 In addition to correcting several bugs, this version adds the following features: 1) The default Drop and Reject actions now invoke the new standard action ''AllowICMPs''. This new action accepts critical ICMP types:

Sorry for the back-to-back releases but there have been quite a few bugs found in 3.0.0 so it seems like a good idea to make 3.0.1 available now. Problems Corrected in 3.0.1 1) If the previous firewall configuration included a policy other than ACCEPT in the nat, mangle or raw tables then Shorewall would not set the policy to ACCEPT. This could result in a ruleset that rejected or

Hello, this is a correct response: >From 62.156.246.57 (62.156.246.57) icmp_seq=1 Frag needed and DF set (mtu = 1492) So PMTU discovery is working. No problem here. You got correct message to lower the packet size from 62.156.246.57. This is probably the last hop before your site. Marek 2020-06-23 9:40 GMT+02:00, Luca Bertoncello <lucabert at lucabert.de>: > Am 23.06.2020 09:28,

Hello, if you need clampmss then it is highly probable there is a PMTU discovery problem. The clampmss does not work for UDP. I probably counted the size incorrectly. So you are able to ping with size 1464 and not with 1466. How about trying same ping sizes from the internet towards your site? I mean trying to ping from sites with higher MTU than yours without lower MTU links in the path. You

Ok I know that this is supposed to be "garbage" on 1.1.7 Wine. But I have Wine 1.0.1 on Kubuntu 8.10 on "i868" computer. Also should I try installing only the main game without the expansion pack, would it work. Please help as I bought it in conviction it's gold on wine. Thanks for help

The server has a 1G symmetrical fibre line. It has been speedtested to various local servers to be close to 800-900M. When there is only a single client, there isn't much problem and as soon as the connection is made, the ping time through to tunnel is a respectable 30ms. As soon as a few more clients are connected, ping time degrades to hundreds and sometimes seconds and with dropped packets.

Aloha! I am new to tinc and I like to figure out my own issues before asking but I am not sure of my next step here. I am not sure if the problem is the VPN configuration or in my network. I will try to be as through as possible. I have two computers that are CentOS with the latest tinc from their respective repositories. Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge

Hello guys, I have two ISP's connected to my router. One via eth2, second one via ADSL modem, with ppoe doing on my Centos 5 . The problem I have is, that when ADSL fails , interface ppp0 is removed. This also removes my static routes configured for this interface. I do not want that, as I have load balancing configured and default route is removed when ppp0 interface disapears. This is my

I am a newbie to linux and shorewall. I am reading the shoreall quickstart guides. I am a bit confused about the following statement: ----------- quote -------------- The firewall has two network interfaces. Where Internet connectivity is through a cable or DSL "Modem", the External Interface will be the ethernet adapter that is connected to that "Modem" (e.g., eth0) unless you

Hi, I am using Shorewall 2.0.6 on Debian with iptables 1.29. Before I was using Shorewall 2.0.3 and If work correctly, I am not sure that my problems begin after upgrade to 2.0.6, but my problem is that I can''t see some websites on the pc clients ( such as www.microsoft.com ), but some websites yes ( they are not in the pc cache ). My config is Shorewall as gateway/router of

Hello every one, first time poster, four month shorewaller ;) As the subject states, I''ve been experienced the infamous trouble described in the next excerpt from shorewall.conf # MSS CLAMPING # # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU" # option. This option is most commonly required when your internet # interface is some

Hello. I'm living in the country side where the communications are very very poor. My only choice is Satellite connection throw the French company Eurona which uses the network deployed by Skylogicnet. In general the latency is very bad (~800ms) and the network is very unstable. I have been investigating in the ISP routers which are in my path and there are many hops which are done in a