[elrepo-devel] ip6t_TCPMSS is missing in kernel

Phil Perry phil at elrepo.org
Sat Jul 16 15:15:45 EDT 2011


On 14/07/11 08:27, Michel van Dop wrote:
>
>
> Hello!
>
> Thanks for let me using your new kernel from your group. I
> am using CentOs 5.6 the had very old kernel i a need new kernel for use
> IPv6 firewall script.
>
> So i use now 2.6.39-2.el5.elrepo and IPv6 works
> but only little thinks go wrong on IPv6.
> I get this warning when i start
> arno-iptables firewall 2.0.0b
>
> Enabling setting the maximum packet size
> via MSS
> /sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST
> SYN -j TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5: Unknown
> arg `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables --help' for
> more information.
> /sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5:
> Unknown arg `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables
> --help' for more information.
>
> I ask the maker of the firewall what the
> problem he anwser:
> ip6t_TCPMSS is missing (I assume you forgot to enable
> it when you compiled your kernel). It's no biggy, that's for sure but in
> case you would like to use SET_MSS for IPv6, one should build the
> module...
>


ip6t_TCPMSS is a module alias for the xt_TCPMSS module, and is present, 
compiled as a module in kernel-ml-2.6.39

[root at localhost ~]# modinfo xt_TCPMSS
filename:
/lib/modules/2.6.39-3.el5.elrepo/kernel/net/netfilter/xt_TCPMSS.ko
alias:          ip6t_TCPMSS
alias:          ipt_TCPMSS
description:    Xtables: TCP Maximum Segment Size (MSS) adjustment
author:         Marc Boucher <marc at mbsi.ca>
license:        GPL
srcversion:     378FCA3988694318B6AB8C0
depends:        x_tables
vermagic:       2.6.39-3.el5.elrepo SMP preempt mod_unload modversions


You should be able to load the module from it's alias like so:

[root at localhost ~]# modprobe ip6t_TCPMSS
[root at localhost ~]# lsmod | grep TCPMSS
Module                  Size  Used by
xt_TCPMSS              13114  0


or of course you can load the module directly with 'modprobe xt_TCPMSS'.

So, please try loading the xt_TCPMSS and then maybe restart your 
firewall script and see if it works?

Thanks.






More information about the elrepo-devel mailing list