<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body>
<p>Hello David,</p>
<p>Thanks for the good information and tips. I will look for a iptables rpm for centos 5. </p>
<p>Best regards,</p>
<p>Michel</p>
<p>On Mon, 18 Jul 2011 09:17:13 -0700, David Ranch wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%"><!-- html ignored --><!-- head ignored --><!-- meta ignored --><br /> Hello Michael,<br /><br /> >From what I've read, Redhat's EL 6.0 wasn't a very good initial release from them and a lot of things were broken. I don't know the details but I encourage you to research it. I've also read from the Centos team that they do NOT recommend upgrading from Centos 5.x to 6.x. That's unfortunate and the usual mantra from the Redhat camp where as this issue has been long solved by the Debian/Ubuntu crown. Grrr...<br /><br /> I hope that v6.1 was a significant cleanup for RHEL and if true, maybe you should wait a few more weeks (assuming they get it out in time) and try the Centos 6.1 release. Otherwise, it shouldn't be too hard to find an updated Iptables rpm (or roll your own) for Centos 5 but at that point, it's up to you to keep your iptables code updated for security patches, etc.<br /><br /> Good luck!<br /> --David<br /><br />
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%">
<p>Hi,</p>
<pre>Thank you David and Akemi.
I will try to update the iptables first on my test system and than want to think about the upgrade to CentOs 6.
Best regards,
Michel</pre>
<p>On Sun, 17 Jul 2011 10:23:31 -0700, Akemi Yagi wrote:</p>
<blockquote style="border-left: 2px solid #1010ff; padding-left: 5px; margin-left: 5px; width: 100%;">
<pre>On Sun, Jul 17, 2011 at 9:55 AM, David Ranch <<a href="mailto:elrepo@trinnet.net">elrepo@trinnet.net</a>> wrote:</pre>
<blockquote style="border-left: 2px solid #1010ff; padding-left: 5px; margin-left: 5px; width: 100%;">Hello Michael, You are running ip6tables v1.3.5 but MSS clamping wasn't added until 1.3.8. Do a search for "mss" in the changelog and you'll find it: <a href="http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt">http://ftp.netfilter.org/pub/iptables/changes-iptables-1.3.8.txt</a> The current stable version of iptables and ip6tables is 1.4.11. --David</blockquote>
<pre>Ah, so Phil's guess was right.
RHEL/CentOS/SL-6 has iptables-1.4.7-3.el6. Also the el6 kernel has the
xt_TCPMSS(ip6t_TCPMSS) module. If upgrading to the el6 OS is the
option for you, Michel, that would be the easiest solution.
Akemi
_______________________________________________
elrepo-devel mailing list
<a href="mailto:elrepo-devel@lists.elrepo.org">elrepo-devel@lists.elrepo.org</a>
<a href="http://lists.elrepo.org/mailman/listinfo/elrepo-devel">http://lists.elrepo.org/mailman/listinfo/elrepo-devel</a>
</pre>
</blockquote>
<p> </p>
<div>-- <br />
<pre>Check out my website: <a href="http://michel.foto-logs.nl">http://michel.foto-logs.nl</a></pre>
</div>
<hr size="4" width="90%" />
<pre>_______________________________________________
elrepo-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:elrepo-devel@lists.elrepo.org">elrepo-devel@lists.elrepo.org</a>
<a class="moz-txt-link-freetext" href="http://lists.elrepo.org/mailman/listinfo/elrepo-devel">http://lists.elrepo.org/mailman/listinfo/elrepo-devel</a>
</pre>
</blockquote>
</blockquote>
<p> </p>
<div>-- <br />
<pre>Check out my website: <a href="http://michel.foto-logs.nl">http://michel.foto-logs.nl</a></pre>
</div>
</body></html>