[Shorewall-users] Re: SMB Problem
adam at sherman.ca
Thu Feb 3 18:07:08 PST 2005
Tom Eastep wrote:
> Adam Sherman wrote:
>>I had to grab the default ipsec file and add a single entry:
>>net no - - mss=1400
>>Doesn't seem to make a difference at all.
> Are you SURE that's the appropriate line for you -- I need to set
> mss=1400 on my gateway's 'net' interface so that connections coming
> *from* the IPSEC tunnel that go to the net are clamped.
Ah, I see what you're saying. What I want is for connections coming from
the local network and going into an IPsec tunnel to be clamped. Not sure
how to achieve that.
>>The weird thing is that, out
>>of our 20 tunnels, many of them do not have this issue.
> So what is common about the *other* end of the problem tunnels?
I will do a comparison and get back to you.
More information about the Shorewall-users