[Firehol-support] Re: smtp and gre tunnels

Costa Tsaousis costa at tsaousis.gr
Sat Apr 23 13:15:17 BST 2005

You can also try:

tcpmss auto

at the top of firehol.conf. Check the firehol tcpmss helper docs.



On Sat, April 23, 2005 3:48, Daniel Pittman said:
> On 23 Apr 2005, Rick Marshall wrote:
>> now that i've put firehol in, instead of firestarter, i have a new
>> problem. (although most things work better)
>> our servers have several tunnels to remote offices. we used to be able
>> to run sendmail over the tunnels to act as the mail server for our
>> users.
>> this is particularly important as there is more than one sendmail server
>> on the network and they are used as a message switch between servers.
>> what we find is that small messages (one packet i think) get through,
>> but longer messages don't. here's the strange bit: if we take the
>> mailserver access outside the tunnels (gre) they work fine. it worked
>> fine when firestarter set up the iptables rules. the smtp exchange works
>> ok, it's just the data bit that doesn't.
>> our voip works ok, so does the video conference, and so does ssh. it's
>> just sendmail....
> You have a Path MTU Discovery black hole, caused by the GRE tunnel.
> Implement one of the solutions for this very problem, most commonly
> found in the context of PPPoE connectivity, and your life will improve.
>       Daniel
> --
> Change is disruptive -- that's the point!
>         -- Karen Bredfeldt
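
The failure mode discussed in this thread, as an added example that is not part of the original messages or of FireHOL: a toy Python model of a Path MTU Discovery black hole on a GRE-over-IPv4 tunnel, showing why short SMTP commands pass while the message body stalls, and what clamping the TCP MSS changes. The 1500-byte link MTU, option-less IP/TCP headers, key-less GRE header and the sample payload sizes are assumptions.

```python
# Added illustration: toy model of a PMTUD black hole on a GRE-over-IPv4 tunnel.
# Assumed sizes: 1500-byte Ethernet, no IP/TCP options, basic 4-byte GRE header.
IP_HDR, TCP_HDR, GRE_HDR = 20, 20, 4

def gre_tunnel_mtu(link_mtu=1500):
    """MTU left inside the tunnel after the outer IPv4 and GRE headers."""
    return link_mtu - IP_HDR - GRE_HDR

def mss_for(mtu):
    """Largest TCP payload that fits in one packet of this MTU."""
    return mtu - IP_HDR - TCP_HDR

def send(payload_len, mss, path_mtu, icmp_reaches_sender):
    """Send payload_len bytes as DF-set TCP segments of at most `mss` bytes.

    Returns 'delivered', 'delivered after PMTUD' or 'stalled'.
    """
    outcome = "delivered"
    remaining = payload_len
    while remaining > 0:
        seg = min(remaining, mss)
        if seg + IP_HDR + TCP_HDR > path_mtu:
            # The tunnel endpoint drops the packet and answers with
            # ICMP "fragmentation needed".
            if not icmp_reaches_sender:
                return "stalled"      # sender keeps retransmitting the same size
            mss = mss_for(path_mtu)   # sender learns the path MTU and shrinks
            outcome = "delivered after PMTUD"
            continue
        remaining -= seg
    return outcome

def clamp_mss(advertised_mss, path_mtu):
    """Effect of an MSS clamp on the SYN: never advertise more than the path fits."""
    return min(advertised_mss, mss_for(path_mtu))

if __name__ == "__main__":
    path = gre_tunnel_mtu()           # 1476
    host_mss = mss_for(1500)          # 1460, chosen by hosts unaware of the tunnel
    # Constructed sample payload sizes, in bytes.
    for label, size in [("SMTP command", 40), ("mail body (DATA)", 20000)]:
        print(label,
              "| ICMP lost:", send(size, host_mss, path, False),
              "| MSS clamped:", send(size, clamp_mss(host_mss, path), path, False))
```
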
