cool On Tue, May 12, 2020 at 9:16 PM Boris <bo...@cation.de> wrote:
> Am 12.05.20 um 19:52 schrieb Erich Titl: > > Hi Boris > > > > Am 12.05.2020 um 19:47 schrieb Boris: > >> Hej Erich, > >> > >> > >> thank you VERY MUCH being online! > >> > >> Am 12.05.20 um 19:24 schrieb Erich Titl: > >>> Hi Boris > >>> > >>> Am 12.05.2020 um 19:09 schrieb Boris: > >>>> Am 12.05.20 um 19:06 schrieb Boris: > >>> ... > >>> > >>>>> > >>>> > >>>> agate# shorewall check > >>>> Checking using Shorewall 5.2.3.4... > >>>> Processing /etc/shorewall/params ... > >>>> Processing /etc/shorewall/shorewall.conf... > >>>> ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and > >>>> iptables /etc/shorewall/shorewall.conf (EOF) > >>>> > >>> > >>> What is your current release on that box? I was preetty sure TCPMSS was > >>> selected, but it might be a module. > >>> > >>> On 6.2.4, which I am running on my peripheral box, > >> > >> I have to admit: I'm still on 6.1.3 > >> > >>> SALT# lsmod | grep xt_TCPMSS > >>> xt_TCPMSS 16384 1 - Live 0xc0b69000 > >>> x_tables 20480 18 > >>> > ipt_MASQUERADE,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_physdev,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_conntrack,xt_NFLOG,xt_LOG,iptable_filter,ip_tables, > >>> Live 0xc08f9000 > >>> > >>> It looks like xt_TCPMSS is a module and was not loaded at shorewall > start. > >>> > >>> Try > >>> > >>> mount_modules > >>> shorewall check > >>> umount_modules > >> > >> YES! Configuration is validated (with CLAMPMSS=1300 from SASSY). > >> And Shorewall is restarted. > >> > >> And yes: It seems to work! Mail receiving an sending is possible. And > >> also, the wieistmeineip.de is doing good! > >> > >> So I should make that module persistent and will do further testing. > > > > I _believe_ if you set CLAMPMSS=Yes, possiply also CLAMPMSS=<value>, > > shorewall will load the module at start. > > > > I wrote it to /etc/modules and stepped back to CLAMPMSS=No to have a > cross check. > > Perfect! > Mail receive does not work with CLAMPMSS=No and does with CLAMPMSS=Yes! > > I guess that's it! You made it! I am very lucky and full of thanks!! > > Boris > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- Regards, Sassy Natan 972-(0)54-2203702
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
