<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body>
<p>Hello Phil,</p>
<p>I try to load the module on this way:</p>
<pre>modprobe ip6t_TCPMSS <br /><br />And restart the firewall But same error in the firewall script:<br /><br />Enabling setting the maximum packet size via MSS<br />/sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu<br />ERROR (2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu'<br />Try `ip6tables -h' or 'ip6tables --help' for more information.<br />/sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu<br />ERROR (2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu'<br />Try `ip6tables -h' or 'ip6tables --help' for more information.<br /><br />also try:</pre>
<pre>modprobe xt_TCPMSS</pre>
<pre><br />And when i do this : lsmod | grep TCPMSS</pre>
<pre><br />xt_TCPMSS 12967 2<br />x_tables 18263 18 ip6t_rt,xt_tcpudp,iptable_nat,xt_TCPMSS,ip6t_LOG,ipt_LOG,ip6t_REJECT,ipt_REJECT,ip6table_mangle,iptable_mangle,xt_multiport,xt_state,xt_limit,xt_conntrack,ip6table_filter,ip6_tables,iptable_filter,ip_tables<br /><br />Before or ather the load i get same result of the lsmod grep TCPMMS.<br /><br />So that make no different for me. <br /><br />Thanks best regards,<br /><br />Michel<br /><br /><br /><br /></pre>
<p>On Sat, 16 Jul 2011 20:15:45 +0100, Phil Perry wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<pre>On 14/07/11 08:27, Michel van Dop wrote:</pre>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%">Hello! Thanks for let me using your new kernel from your group. I am using CentOs 5.6 the had very old kernel i a need new kernel for use IPv6 firewall script. So i use now 2.6.39-2.el5.elrepo and IPv6 works but only little thinks go wrong on IPv6. I get this warning when i start arno-iptables firewall 2.0.0b Enabling setting the maximum packet size via MSS /sbin/ip6tables -A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ERROR (2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu' Try `ip6tables -h' or 'ip6tables --help' for more information. /sbin/ip6tables -A OUTPUT -o eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ERROR (2): ip6tables v1.3.5: Unknown arg `--clamp-mss-to-pmtu' Try `ip6tables -h' or 'ip6tables --help' for more information. I ask the maker of the firewall what the problem he anwser: ip6t_TCPMSS is missing (I assume you forgot to enable it when you compiled your kernel). It's no biggy, that's for sure but in case you would like to use SET_MSS for IPv6, one should build the module...</blockquote>
<pre>
ip6t_TCPMSS is a module alias for the xt_TCPMSS module, and is present,
compiled as a module in kernel-ml-2.6.39
[root@localhost ~]# modinfo xt_TCPMSS
filename:
/lib/modules/2.6.39-3.el5.elrepo/kernel/net/netfilter/xt_TCPMSS.ko
alias: ip6t_TCPMSS
alias: ipt_TCPMSS
description: Xtables: TCP Maximum Segment Size (MSS) adjustment
author: Marc Boucher <<a href="mailto:marc@mbsi.ca">marc@mbsi.ca</a>>
license: GPL
srcversion: 378FCA3988694318B6AB8C0
depends: x_tables
vermagic: 2.6.39-3.el5.elrepo SMP preempt mod_unload modversions
You should be able to load the module from it's alias like so:
[root@localhost ~]# modprobe ip6t_TCPMSS
[root@localhost ~]# lsmod | grep TCPMSS
Module Size Used by
xt_TCPMSS 13114 0
or of course you can load the module directly with 'modprobe xt_TCPMSS'.
So, please try loading the xt_TCPMSS and then maybe restart your
firewall script and see if it works?
Thanks.
_______________________________________________
elrepo-devel mailing list
<a href="mailto:elrepo-devel@lists.elrepo.org">elrepo-devel@lists.elrepo.org</a>
<a href="http://lists.elrepo.org/mailman/listinfo/elrepo-devel">http://lists.elrepo.org/mailman/listinfo/elrepo-devel</a>
</pre>
</blockquote>
</body></html>