On Tue, 12 Nov 2002 00:54:02 +0100 Pawel Idzi wrote: > On Wed, 30 Oct 2002, Tom Eastep wrote: > > > At a shell prompt, type "shorewall show FORWARD" -- You should see > > something like: > > > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > > pkts bytes target prot opt in out source destination > > 30043 1691K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 > > tcp flags:0x06/0x02 TCPMSS clamp to PMTU > > Yes, it's there: [..] > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 8 492 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 > tcp flags:0x06/0x02 TCPMSS clamp to PMTU > 124 153K ppp0_fwd ah -- ppp0 * 0.0.0.0/0 0.0.0.0/0 > 126 7910 eth0_fwd ah -- eth0 * 0.0.0.0/0 0.0.0.0/0 > 0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' > 0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0 > -- > > I have no idea... :( Why this option doesn't resolve the problem?
On Wed, 30 Oct 2002 23:54:05 +0100 Pawel Idzi wrote: > I've succesfully set ppp and shorewall. All is ok, except one thing > - this > symptom(s) on machines behind firewall: > # 1) Web browsers connect, then hang with no data received. > # 2) Small mail works fine, but large emails hang. > # 3) ssh works fine, but scp hangs after initial handshaking. Not to rule out MSS problems since I have no idea how to interpret the shorewall output above, but have you already ruled out other potential problems that could lead to the same symptoms? For example: Are there any signs of problems in /var/log/ppp.log or /var/log/syslog ? Is your internal NIC using the same speed and duplex setting as whatever it is hooked to? Are you sure your serial ports and NIC are not trying to share the same interrupt? Are errors evident in the output of "ip -s link" after the problems occur? Does the HiS behave like a modem? If so, do you need to pass it any special init strings? Your original posting was not very clear about what lead you to believe it was an MSS problem and not something else, so please pardon me if I am asking about things you already systematically ruled out. --Brad ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
