[elrepo-devel] ip6t_TCPMSS is missing in kernel
Michel van Dop
mvandop at xs4all.nl
Sat Jul 16 15:49:58 EDT 2011
Hello Phil,
I try to load the module on this way:
modprobe
ip6t_TCPMSS
And restart the firewall But same error in the firewall
script:
Enabling setting the maximum packet size via
MSS
/sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST SYN -j
TCPMSS --clamp-mss-to-pmtu
ERROR (2): ip6tables v1.3.5: Unknown arg
`--clamp-mss-to-pmtu'
Try `ip6tables -h' or 'ip6tables --help' for more
information.
/sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags
SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ERROR (2): ip6tables v1.3.5:
Unknown arg `--clamp-mss-to-pmtu'
Try `ip6tables -h' or 'ip6tables
--help' for more information.
also try:
modprobe xt_TCPMSS
And when i
do this : lsmod | grep TCPMSS
xt_TCPMSS 12967 2
x_tables 18263 18
ip6t_rt,xt_tcpudp,iptable_nat,xt_TCPMSS,ip6t_LOG,ipt_LOG,ip6t_REJECT,ipt_REJECT,ip6table_mangle,iptable_mangle,xt_multiport,xt_state,xt_limit,xt_conntrack,ip6table_filter,ip6_tables,iptable_filter,ip_tables
Before
or ather the load i get same result of the lsmod grep TCPMMS.
So that
make no different for me.
Thanks best regards,
Michel
On Sat, 16 Jul
2011 20:15:45 +0100, Phil Perry wrote:
> On 14/07/11 08:27, Michel van
Dop wrote:
>
>> Hello! Thanks for let me using your new kernel from
your group. I am using CentOs 5.6 the had very old kernel i a need new
kernel for use IPv6 firewall script. So i use now 2.6.39-2.el5.elrepo
and IPv6 works but only little thinks go wrong on IPv6. I get this
warning when i start arno-iptables firewall 2.0.0b Enabling setting the
maximum packet size via MSS /sbin/ip6tables -A FORWARD -o eth0 -p tcp
--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ERROR (2):
ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu' Try `ip6tables -h'
or 'ip6tables --help' for more information. /sbin/ip6tables -A OUTPUT -o
eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ERROR
(2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu' Try `ip6tables
-h' or 'ip6tables --help' for more information. I ask the maker of the
firewall what the problem he anwser: ip6t_TCPMSS is missing (I assume
you forgot to enable it when you compiled your kernel). It's no biggy,
that's for sure but in case you would like to use SET_MSS for IPv6, one
should build the module...
>
> ip6t_TCPMSS is a module alias for the
xt_TCPMSS module, and is present,
> compiled as a module in
kernel-ml-2.6.39
>
> [root at localhost ~]# modinfo xt_TCPMSS
>
filename:
>
/lib/modules/2.6.39-3.el5.elrepo/kernel/net/netfilter/xt_TCPMSS.ko
>
alias: ip6t_TCPMSS
> alias: ipt_TCPMSS
> description: Xtables: TCP
Maximum Segment Size (MSS) adjustment
> author: Marc Boucher
> license:
GPL
> srcversion: 378FCA3988694318B6AB8C0
> depends: x_tables
>
vermagic: 2.6.39-3.el5.elrepo SMP preempt mod_unload modversions
>
>
You should be able to load the module from it's alias like so:
>
>
[root at localhost ~]# modprobe ip6t_TCPMSS
> [root at localhost ~]# lsmod |
grep TCPMSS
> Module Size Used by
> xt_TCPMSS 13114 0
>
> or of course
you can load the module directly with 'modprobe xt_TCPMSS'.
>
> So,
please try loading the xt_TCPMSS and then maybe restart your
> firewall
script and see if it works?
>
> Thanks.
>
>
_______________________________________________
> elrepo-devel mailing
list
> elrepo-devel at lists.elrepo.org [2]
>
http://lists.elrepo.org/mailman/listinfo/elrepo-devel [3]
Links:
------
[1] mailto:marc at mbsi.ca
[2]
mailto:elrepo-devel at lists.elrepo.org
[3]
http://lists.elrepo.org/mailman/listinfo/elrepo-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo-devel/attachments/20110716/213173d3/attachment.html>
More information about the elrepo-devel
mailing list