[elrepo-devel] ip6t_TCPMSS is missing in kernel

Phil Perry phil at elrepo.org
Sat Jul 16 17:21:48 EDT 2011


On 16/07/11 20:49, Michel van Dop wrote:
>
>
> Hello Phil,
>
> I try to load the module on this way:
>
> modprobe
> ip6t_TCPMSS
>
> And restart the firewall But same error in the firewall
> script:
>
> Enabling setting the maximum packet size via
> MSS
> /sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST SYN -j
> TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5: Unknown arg
> `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables --help' for more
> information.
> /sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> ERROR (2): ip6tables v1.3.5:
> Unknown arg `--clamp-mss-to-pmtu'
> Try `ip6tables -h' or 'ip6tables
> --help' for more information.
>
> also try:
>
> modprobe xt_TCPMSS
>
> And when i
> do this : lsmod | grep TCPMSS
>
> xt_TCPMSS 12967 2
> x_tables 18263 18
> ip6t_rt,xt_tcpudp,iptable_nat,xt_TCPMSS,ip6t_LOG,ipt_LOG,ip6t_REJECT,ipt_REJECT,ip6table_mangle,iptable_mangle,xt_multiport,xt_state,xt_limit,xt_conntrack,ip6table_filter,ip6_tables,iptable_filter,ip_tables
>
> Before
> or ather the load i get same result of the lsmod grep TCPMMS.
>
> So that
> make no different for me.
>
> Thanks best regards,
>
> Michel
>


OK, my guess from the error you see would be that the functionality you 
are looking for is present in the kernel module but is maybe not yet 
supported in the user space ip6tables tools given the age of el5. My 
guess is you would also need to update ip6tables to obtain this 
functionality.





More information about the elrepo-devel mailing list