Thank you for your reply,
I have got the old firewall running (possibly briefly - I think the HD is nearly dead).
It still gets full speed on my Internet connection.
I do get 2 log messages in syslog, they are a pair:
Dec 27 16:25:26 XXXXOLD pptp: anon log[ctrlp_rep
ptp_ctrl.c:243]: Sent control packet type is 5 'Echo-Request'
Dec 27 16:25:26 XXXXOLD pptp: anon log[logecho
ptp_ctrl.c:659]: Echo Reply received.
I don't get any of the messages about buffering packets being lost or reordered.
ICMP type 5 is Source Route failed from RFC 792 (http://www.rfc-archive.org/getrfc.php?rfc=792)
I don't seem to have any type 5 control packet logs in the new syslog.
I wonder if Shorewall is blocking these control packets, where the firewall in my old setup didn't?
My old Debian was Debian Sarge, release 3.1. My old firewall was ipmasq.
My old kernel was 2.6.8-2-686.
My new Debian is Debian Testing/Squeeze. My new firewall is Shorewall (22.214.171.124).
My new kernel is 2.6.32-5-amd64.
> > I am using the Shorewall firewall with the "two-interfaces"
> > configuration.
> You might get a clue as to what is happening by installing another
> system such as SmoothWall3 (www.smoothwall.org) on the machine and
> then inspecting the logs and statistics.
> SmoothWall takes over the entire drive, so you might wish to plug in a
> spare small drive for the test. The installation and configuration of
> SmoothWall can be done in about fifteen minutes, using a gui. The
> system is very well documented.
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org