[elrepo-devel] ip6t_TCPMSS is missing in kernel

Tue Jul 19 03:03:37 EDT 2011

Hello David, 

Thanks for the good information and tips. I will
look for a iptables rpm for centos 5.  

Best regards, 

Michel 

On
Mon, 18 Jul 2011 09:17:13 -0700, David Ranch wrote: 

> Hello Michael,
>

> >From what I've read, Redhat's EL 6.0 wasn't a very good initial
release from them and a lot of things were broken. I don't know the
details but I encourage you to research it. I've also read from the
Centos team that they do NOT recommend upgrading from Centos 5.x to 6.x.
That's unfortunate and the usual mantra from the Redhat camp where as
this issue has been long solved by the Debian/Ubuntu crown. Grrr...
> 
>
I hope that v6.1 was a significant cleanup for RHEL and if true, maybe
you should wait a few more weeks (assuming they get it out in time) and
try the Centos 6.1 release. Otherwise, it shouldn't be too hard to find
an updated Iptables rpm (or roll your own) for Centos 5 but at that
point, it's up to you to keep your iptables code updated for security
patches, etc.
> 
> Good luck!
> --David
> 
>> Hi, 
>> 
>> Thank you
David and Akemi.
>> 
>> I will try to update the iptables first on my
test system and than want to think about the upgrade to CentOs 6.
>> 
>>
Best regards,
>> Michel
>> 
>> On Sun, 17 Jul 2011 10:23:31 -0700, Akemi
Yagi wrote: 
>> 
>>> On Sun, Jul 17, 2011 at 9:55 AM, David Ranch
wrote:
>>> 
>>>> Hello Michael, You are running ip6tables v1.3.5 but MSS
clamping wasn't added until 1.3.8. Do a search for "mss" in the
changelog and you'll find it:
http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt [1] The
current stable version of iptables and ip6tables is 1.4.11. --David
>>>

>>> Ah, so Phil's guess was right.
>>> 
>>> RHEL/CentOS/SL-6 has
iptables-1.4.7-3.el6. Also the el6 kernel has the
>>>
xt_TCPMSS(ip6t_TCPMSS) module. If upgrading to the el6 OS is the
>>>
option for you, Michel, that would be the easiest solution.
>>> 
>>>
Akemi
>>> _______________________________________________
>>>
elrepo-devel mailing list
>>> elrepo-devel at lists.elrepo.org [3]
>>>
http://lists.elrepo.org/mailman/listinfo/elrepo-devel [4]
>> 
>> -- 
>>

>> Check out my website: http://michel.foto-logs.nl [5]
>> 
>>
-------------------------
>> 
>>
_______________________________________________
>> elrepo-devel mailing
list
>> elrepo-devel at lists.elrepo.org [6]
>>
http://lists.elrepo.org/mailman/listinfo/elrepo-devel [7]

-- 

Check
out my website: http://michel.foto-logs.nl [8]

Links:
------
[1]
http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt
[2]
mailto:elrepo at trinnet.net
[3] mailto:elrepo-devel at lists.elrepo.org
[4]
http://lists.elrepo.org/mailman/listinfo/elrepo-devel
[5]
http://michel.foto-logs.nl
[6] mailto:elrepo-devel at lists.elrepo.org
[7]
http://lists.elrepo.org/mailman/listinfo/elrepo-devel
[8]
http://michel.foto-logs.nl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo-devel/attachments/20110719/a62b5740/attachment.html>