On 3/30/2015 11:07 AM, Thomas Winkler wrote: > Hello, > > I ran the shorewall debug start 2>/tmp/trace command and this is the output > of the trace file : > > WARNING: Using an interface as the masq SOURCE requires the interface to be > up and configured when Shorewall starts/restarts /etc/shorewall/masq (line 1) > iptables: No chain/target/match by that name. > ERROR: Command "/sbin/iptables -t filter -A FORWARD -p tcp --tcp-flags > SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" Failed > Terminated >
Looks like your kernel/iptables doesn't support the TCPMSS target, so you can't use the CLAMPMSS option in shorewall.conf. Shorewall has never tried to determine if TCPMSS is available or not since it is very rare that it is not available. What distribution are you running? > > And I don't have any rfc1918 file in /etc/shorewall. The failing rule has nothing to do with RFC 1918. -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
