[Shorewall-users] Re: SMB Problem

Adam Sherman adam at sherman.ca
Thu Feb 3 18:07:08 PST 2005

Tom Eastep wrote:
> Adam Sherman wrote:
>>I had to grab the default ipsec file and add a single entry:
>>net     no      -                       -                       mss=1400
>>Doesn't seem to make a difference at all.
> Are you SURE that's the appropriate line for you -- I need to set
> mss=1400 on my gateway's 'net' interface so that connections coming
> *from* the IPSEC tunnel that go to the net are clamped.

Ah, I see what you're saying. What I want is for connections coming from 
the local network and going into an IPsec tunnel to be clamped. Not sure 
how to achieve that.

>>The weird thing is that, out
>>of our 20 tunnels, many of them do not have this issue.
> So what is common about the *other* end of the problem tunnels?

I will do a comparison and get back to you.


More information about the Shorewall-users mailing list