On Tuesday, October 2, 2018, 4:46:34 PM GMT+2, Tom Eastep <teas...@shorewall.net> wrote:
>
> As I pointed out in my response to your later post, those rules won't
> make any difference even if correct code was generated. What I suspect
> is that you are running into a PMTU problem that will be corrected if
> you set CLAMPMSS=Yes in shorewall.conf. You have switched from using
> Ethernet interfaces to your ISPs to PPPoE interfaces which have an MTU
> of 1492 versus 1500 for Ethernet.

I thought it could be due to PMTU, so I followed your suggestion and set CLAMPMSS=Yes.

After restarting shorewall the following command would get only 1 packet reply (the first one). Everything else would be left unanswered.

ping -n -I $IF_ISP1 8.8.8.8

(run on the shorewall gateway)

So I also tried to set CLAMPMSS=4012 or whichever value I had in the ppp links. I would still get the same ping results.

Also, if I did a "shorewall clear" the same ping tests would succeed.

I did a shorewall dump during these tests. Unfortunately, I got cut off later so I can't access the dump file just yet. I'll send it asap.

I finally tried to revert to my eth-only setup, moved back to CLAMPMSS=No. However, I'd still get the same erroneous ping results even after rebooting the shorewall gateway. I still have to find out how to undo what CLAMPMSS=Yes did.

Anyway, I'll send the dump asap.

Thanks,

Vieri