[elrepo-devel] ip6t_TCPMSS is missing in kernel
Phil Perry
phil at elrepo.org
Sat Jul 16 15:15:45 EDT 2011
On 14/07/11 08:27, Michel van Dop wrote:
>
>
> Hello!
>
> Thanks for let me using your new kernel from your group. I
> am using CentOs 5.6 the had very old kernel i a need new kernel for use
> IPv6 firewall script.
>
> So i use now 2.6.39-2.el5.elrepo and IPv6 works
> but only little thinks go wrong on IPv6.
> I get this warning when i start
> arno-iptables firewall 2.0.0b
>
> Enabling setting the maximum packet size
> via MSS
> /sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST
> SYN -j TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5: Unknown
> arg `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables --help' for
> more information.
> /sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5:
> Unknown arg `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables
> --help' for more information.
>
> I ask the maker of the firewall what the
> problem he anwser:
> ip6t_TCPMSS is missing (I assume you forgot to enable
> it when you compiled your kernel). It's no biggy, that's for sure but in
> case you would like to use SET_MSS for IPv6, one should build the
> module...
>
ip6t_TCPMSS is a module alias for the xt_TCPMSS module, and is present,
compiled as a module in kernel-ml-2.6.39
[root at localhost ~]# modinfo xt_TCPMSS
filename:
/lib/modules/2.6.39-3.el5.elrepo/kernel/net/netfilter/xt_TCPMSS.ko
alias: ip6t_TCPMSS
alias: ipt_TCPMSS
description: Xtables: TCP Maximum Segment Size (MSS) adjustment
author: Marc Boucher <marc at mbsi.ca>
license: GPL
srcversion: 378FCA3988694318B6AB8C0
depends: x_tables
vermagic: 2.6.39-3.el5.elrepo SMP preempt mod_unload modversions
You should be able to load the module from it's alias like so:
[root at localhost ~]# modprobe ip6t_TCPMSS
[root at localhost ~]# lsmod | grep TCPMSS
Module Size Used by
xt_TCPMSS 13114 0
or of course you can load the module directly with 'modprobe xt_TCPMSS'.
So, please try loading the xt_TCPMSS and then maybe restart your
firewall script and see if it works?
Thanks.
More information about the elrepo-devel
mailing list