<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
Hello Michael,<br>
<br>
>From what I've read, Redhat's EL 6.0 wasn't a very good initial release
from them and a lot of things were broken. I don't know the details
but I encourage you to research it. I've also read from the Centos
team that they do NOT recommend upgrading from Centos 5.x to 6.x.
That's unfortunate and the usual mantra from the Redhat camp where as
this issue has been long solved by the Debian/Ubuntu crown. Grrr...<br>
<br>
I hope that v6.1 was a significant cleanup for RHEL and if true, maybe
you should wait a few more weeks (assuming they get it out in time) and
try the Centos 6.1 release. Otherwise, it shouldn't be too hard to
find an updated Iptables rpm (or roll your own) for Centos 5 but at
that point, it's up to you to keep your iptables code updated for
security patches, etc.<br>
<br>
Good luck!<br>
--David<br>
<br>
<blockquote cite="mid:2baaa2f95b03366ccee659d5baa70683@xs4all.nl"
type="cite">
<p>Hi,</p>
<pre>Thank you David and Akemi.
I will try to update the iptables first on my test system and than want to think about the upgrade to CentOs 6.
Best regards,
Michel</pre>
<p>On Sun, 17 Jul 2011 10:23:31 -0700, Akemi Yagi wrote:</p>
<blockquote type="cite"
style="border-left: 2px solid rgb(16, 16, 255); padding-left: 5px; margin-left: 5px; width: 100%;"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<pre>On Sun, Jul 17, 2011 at 9:55 AM, David Ranch <<a
moz-do-not-send="true" href="mailto:elrepo@trinnet.net">elrepo@trinnet.net</a>> wrote:</pre>
<blockquote type="cite"
style="border-left: 2px solid rgb(16, 16, 255); padding-left: 5px; margin-left: 5px; width: 100%;">Hello
Michael, You are running ip6tables v1.3.5 but MSS clamping wasn't added
until 1.3.8. Do a search for "mss" in the changelog and you'll find
it: <a moz-do-not-send="true"
href="http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt">http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt</a>
The current stable version of iptables and ip6tables is 1.4.11. --David</blockquote>
<pre>Ah, so Phil's guess was right.
RHEL/CentOS/SL-6 has iptables-1.4.7-3.el6. Also the el6 kernel has the
xt_TCPMSS(ip6t_TCPMSS) module. If upgrading to the el6 OS is the
option for you, Michel, that would be the easiest solution.
Akemi
_______________________________________________
elrepo-devel mailing list
<a moz-do-not-send="true" href="mailto:elrepo-devel@lists.elrepo.org">elrepo-devel@lists.elrepo.org</a>
<a moz-do-not-send="true"
href="http://lists.elrepo.org/mailman/listinfo/elrepo-devel">http://lists.elrepo.org/mailman/listinfo/elrepo-devel</a>
</pre>
</blockquote>
<p> </p>
<div>-- <br>
<pre>Check out my website: <a moz-do-not-send="true"
href="http://michel.foto-logs.nl">http://michel.foto-logs.nl</a></pre>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
elrepo-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:elrepo-devel@lists.elrepo.org">elrepo-devel@lists.elrepo.org</a>
<a class="moz-txt-link-freetext" href="http://lists.elrepo.org/mailman/listinfo/elrepo-devel">http://lists.elrepo.org/mailman/listinfo/elrepo-devel</a>
</pre>
</blockquote>
</body>
</html>