[Shorewall-users] Re: SMB Problem

Adam Sherman adam at sherman.ca
Thu Feb 3 18:07:08 PST 2005


Tom Eastep wrote:
> Adam Sherman wrote:
>>I had to grab the default ipsec file and add a single entry:
>>
>>net     no      -                       -                       mss=1400
>>
>>Doesn't seem to make a difference at all.
> 
> Are you SURE that's the appropriate line for you -- I need to set
> mss=1400 on my gateway's 'net' interface so that connections coming
> *from* the IPSEC tunnel that go to the net are clamped.

Ah, I see what you're saying. What I want is for connections coming from 
the local network and going into an IPsec tunnel to be clamped. Not sure 
how to achieve that.

>>The weird thing is that, out
>>of our 20 tunnels, many of them do not have this issue.
> 
> So what is common about the *other* end of the problem tunnels?

I will do a comparison and get back to you.

A.



More information about the Shorewall-users mailing list