On Mon, Mar 7, 2016 at 6:34 PM, Tom Eastep <teas...@shorewall.net> wrote:
> Have you set CLAMPMSS=Yes?


Yes.

Could the problem be related to the net_dnat chain?

Chain net_dnat (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth3   *       0.0.0.0/0            81.63.145.193        multiport dports 80,443,8080 to:81.63.145.197
  994 55601 DNAT       tcp  --  eth3   *       0.0.0.0/0            5.145.19.28          multiport dports 80,443,8080 to:81.63.145.197

The interface serving destination 81.63.145.193 has a 1492 MTU and
the other a 1500 MTU.

Is there an easy way to better constrain the DNAT rule such that the
entry for destination 81.63.145.193 is not generated?
DNAT    net:eth3        dmz:81.63.145.197     tcp     80,443,8080

The eth3 interface gets its address via DHCP but will always fall
within the 5.145.19.28/19 range.

Thanks!

jCandlish