<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px"><div dir="ltr"><span>for some reason it stopped working after I restarted the server,</span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Tuesday, March 10, 2015 1:45 AM, Mark M <mark076h@yahoo.com> wrote:<br> </font> </div> <br><br> <div class="y_msg_container"><div id="yiv0939574215"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766"><span>I found that this iptables rule works- </span></div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766"><span><br clear="none"></span></div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766"><span></span></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766" style="">-A FORWARD -o enp0s3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1300:1536 -j TCPMSS --set-mss 1300</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766" style=""><br clear="none"></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425962257043_17766" style="">Now I am seeing a lot of TCP Retransmissions packets and sites are slow to slow. Any ideas?</div><div class="yiv0939574215" id="yiv0939574215yui_3_16_0_1_1425962257043_17778" style=""><br clear="none" class="yiv0939574215" style=""></div> <div class="yiv0939574215qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv0939574215yqt5637996548" id="yiv0939574215yqt89880"><div class="yiv0939574215yahoo_quoted" style="display: block;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Tuesday, March 10, 2015 1:06 AM, Mark M <mark076h@yahoo.com> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv0939574215y_msg_container"><div id="yiv0939574215"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"><div dir="ltr"><span>I confirmed with Wireshark that is advertises a MSS above 1300 for some reason. Something strange is going on here, why would both methods not work?</span></div> <div class="yiv0939574215qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv0939574215yqt9397217335" id="yiv0939574215yqt98665"><div class="yiv0939574215yahoo_quoted" style="display:block;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Tuesday, March 10, 2015 12:24 AM, Mark M <mark076h@yahoo.com> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv0939574215y_msg_container"><div id="yiv0939574215"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203"><span id="yiv0939574215yui_3_16_0_1_1425960914013_3228">I removed firewalld to make it more simple, here is what it looks like and still no luck- </span></div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203"><span><br clear="none"></span></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">[root@CENTOS7 ~]# iptables -L</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">Chain INPUT (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT icmp -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT udp -- anywhere anywhere udp dpt:isakmp</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">REJECT all -- anywhere anywhere reject-with icmp-host-prohibited</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">Chain FORWARD (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT all -- 192.168.9.1 anywhere policy match dir in pol ipsec reqid 1 proto esp</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT all -- anywhere 192.168.9.1 policy match dir out pol ipsec reqid 1 proto esp</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">ACCEPT all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">TCPMSS tcp -- 192.168.9.0/24 anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">TCPMSS tcp -- 192.168.1.0/24 anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">Chain OUTPUT (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">target prot opt source destination</div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203"></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425960914013_3203" style="">[root@CENTOS7 ~]#</div><div class="yiv0939574215" id="yiv0939574215yui_3_16_0_1_1425960914013_3784" style=""><br clear="none" class="yiv0939574215" style=""></div> <div class="yiv0939574215qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv0939574215yqt4732451887" id="yiv0939574215yqt04350"><div class="yiv0939574215yahoo_quoted" style="display:block;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Monday, March 9, 2015 9:57 PM, Mark M <mark076h@yahoo.com> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv0939574215y_msg_container"><div id="yiv0939574215"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_4240"><span>Noel,</span></div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_4238"><span><br clear="none"></span></div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3341">Does not seem to be working but I don't know if it is configured properly, i think firewalld makes it a mess. Does this look right?</div><div dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3342"><br clear="none"></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">[root@CENTOS7 ~]# iptables -L</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain INPUT (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">INPUT_direct all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">INPUT_ZONES_SOURCE all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">INPUT_ZONES all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT icmp -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">REJECT all -- anywhere anywhere reject-with icmp-host-prohibited</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- 192.168.9.1 anywhere policy match dir in pol ipsec reqid 2 proto esp</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- anywhere 192.168.9.1 policy match dir out pol ipsec reqid 2 proto esp</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FORWARD_direct all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FORWARD_IN_ZONES all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FORWARD_OUT_ZONES all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT icmp -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">REJECT all -- anywhere anywhere reject-with icmp-host-prohibited</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">TCPMSS tcp -- 192.168.1.0/24 anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">TCPMSS tcp -- 192.168.9.0/24 anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain OUTPUT (policy ACCEPT)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">OUTPUT_direct all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD_IN_ZONES (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD_IN_ZONES_SOURCE (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD_OUT_ZONES (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD_OUT_ZONES_SOURCE (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FORWARD_direct (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDI_public (3 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public_log all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public_deny all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDI_public_allow all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDI_public_allow (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDI_public_deny (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDI_public_log (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDO_public (3 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public_log all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public_deny all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">FWDO_public_allow all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDO_public_allow (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDO_public_deny (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain FWDO_public_log (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain INPUT_ZONES (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public all -- anywhere anywhere [goto]</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain INPUT_ZONES_SOURCE (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain INPUT_direct (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain IN_public (3 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public_log all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public_deny all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">IN_public_allow all -- anywhere anywhere</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain IN_public_allow (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT udp -- anywhere anywhere udp dpt:isakmp ctstate NEW</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ctstate NEW</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">ACCEPT udp -- anywhere anywhere udp dpt:http ctstate NEW</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain IN_public_deny (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain IN_public_log (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style=""><br clear="none" class="yiv0939574215" style=""></div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">Chain OUTPUT_direct (1 references)</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">target prot opt source destination</div><div class="yiv0939574215" dir="ltr" id="yiv0939574215yui_3_16_0_1_1425952008046_3343" style="">[root@CENTOS7 ~]#</div><div class="yiv0939574215" id="yiv0939574215yui_3_16_0_1_1425952008046_4258" style=""><br clear="none" class="yiv0939574215" style=""></div> <div class="yiv0939574215qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv0939574215yqt2176457896" id="yiv0939574215yqt68236"><div class="yiv0939574215yahoo_quoted" style="display:block;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"> <font size="2" face="Arial"> On Monday, March 9, 2015 1:57 PM, Noel Kuntze <noel@familie-kuntze.de> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> <div class="yiv0939574215y_msg_container"><br clear="none">-----BEGIN PGP SIGNED MESSAGE-----<br clear="none">Hash: SHA256<br clear="none"><br clear="none">Hello Mark,<br clear="none"><br clear="none">Please try the iptables rule then.<br clear="none"><br clear="none">Mit freundlichen Grüßen/Regards,<br clear="none">Noel Kuntze<br clear="none"><br clear="none">GPG Key ID: 0x63EC6658<br clear="none">Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br clear="none"><br clear="none">Am 09.03.2015 um 18:37 schrieb Mark M:<br clear="none">> Noel,<br clear="none">><br clear="none">> Still having the same issue, here is a screenshot of what my traffic looks like - <a rel="nofollow" shape="rect" target="_blank" href="https://i.imgur.com/Svtbiyx.jpg">https://i.imgur.com/Svtbiyx.jpg</a><br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> image <<a rel="nofollow" shape="rect" target="_blank" href="https://i.imgur.com/Svtbiyx.jpg">https://i.imgur.com/Svtbiyx.jpg</a>><br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> <<a rel="nofollow" shape="rect" target="_blank" href="https://i.imgur.com/Svtbiyx.jpg">https://i.imgur.com/Svtbiyx.jpg</a>><br clear="none">> View on i.imgur.com <<a rel="nofollow" shape="rect" target="_blank" href="https://i.imgur.com/Svtbiyx.jpg">https://i.imgur.com/Svtbiyx.jpg</a>><br clear="none">> <br clear="none">> Preview by Yahoo<br clear="none">> <br clear="none">><br clear="none">><br clear="none">><br clear="none">> 192.168.1.7 is my strongSwan server and 192.168.9.1 is the virtual IP of my strongSwan client.<br clear="none">><br clear="none">> Thanks,<br clear="none">><br clear="none">> Mark-<br clear="none">><br clear="none">><br clear="none">> On Monday, March 9, 2015 11:57 AM, Noel Kuntze <<a rel="nofollow" shape="rect" ymailto="mailto:noel@familie-kuntze.de" target="_blank" href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>> wrote:<br clear="none">><br clear="none">><br clear="none">><br clear="none">> Okay, then that's not it.<br clear="none">><br clear="none">> Are there still fragments and ICMP messages from the gateway to the HTTP servers?<br clear="none">><br clear="none">> Mit freundlichen Grüßen/Regards,<br clear="none">> Noel Kuntze<br clear="none">><br clear="none">> GPG Key ID: 0x63EC6658<br clear="none">> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br clear="none">><br clear="none">> Am 09.03.2015 um 15:34 schrieb Tobias Brunner:<br clear="none">> >> You use modular loading, so you need to set that in the<br clear="none">> >> file /etc/strongswan.d/charon/kernel-netlink.conf.<br clear="none">><br clear="none">> > That's actually not the case. The .conf files in the<br clear="none">> > strongswan.d/charon folder are simply included in the top-level<br clear="none">> > strongswan.conf file (as can be seen in the snippet Mark posted).<br clear="none">> > So it's perfectly fine to set options there (or in any of the included<br clear="none">> > file).<br clear="none">><br clear="none">> > Regards,<br clear="none">> > Tobias<br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none"><br clear="none">-----BEGIN PGP SIGNATURE-----<br clear="none">Version: GnuPG v2<br clear="none"><br clear="none">iQIcBAEBCAAGBQJU/d8FAAoJEDg5KY9j7GZYR5gP/is0nCDWc2FHBKdOzk13gn4K<br clear="none">h83GlazfzE0h7lfQHyHCwkw6rkXJx8Y5izwfhP09n3Y+VBT6HI8r+JY1r5AMEjC1<br clear="none">RZT3IuDPGS092S22SDVkKSCFR0sOnZiYkjqWZCt7SqoLP76Ws0U56UEoIPsN0zQM<br clear="none">nSoakXtZ/2Z3y07/d72P3HAME8W3Gdz9CP/p23JGQEzwsrqvN/I0gv/EN3KBR4kT<br clear="none">RySlJ4LK2HqSMkK82lgQoIBdwMFd3FgeSLCZbgrOXxWmz2HpgBgV0roOVGEY9iFB<br clear="none">mMkAccnLHpkT4H7HylNv/PQ1FDdvXH3tJX9S1MoYsSTB6+6iv1pdV3IaUQJ2lTJw<br clear="none">h5nh558hj8NjXpKR1WBclrb8NHb30p+V+eTCuio+RYfXnuaFR6Q/k5+JPUIcZPe+<br clear="none">fyw2QJ6RBHtFB8J2wIJte6ATfzJ2UegHX9EJVYcToubnMM1P/wkI6piF5buePt0y<br clear="none">eMO8x4MMBLi8QXQcHTrmiDhN+Xy8GcB8VCMVwVO+vG5ag7304rjzG5f/UZlB2m8Y<br clear="none">n2tnJ5gARPATNSGySVjs0Ko888/w0At9yMqHNZ+IJWmVSDVLk73iHB4nrlSm32JC<br clear="none">MLjn9Cy0vndqAZqgsgwTjpadz8kRGP/KzEpGZc4UX8lrUHCpB2hiyxX6yR/KqyBS<br clear="none">AXol3Nkv6orOeCDKOXo5<br clear="none">=uYs4<div class="yiv0939574215yqt6344953825" id="yiv0939574215yqtfd48678"><br clear="none">-----END PGP SIGNATURE-----<br clear="none"><br clear="none"></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br><br></div> </div> </div> </div> </div></body></html>