Hello,
On Mon, 3 Dec 2001, Whit Blauvelt wrote:
> Thanks Christoph (and Julian!), by happy coincidence this is exactly what
> I'm looking for today.
>
> In nano.txt you say the firewall, for iptables, must be stateful. Of course,
> ipchains doesn't do stateful. I'm looking at using Julian's patches with a
Assume that this is recommendation (should).
> 2.2.20 kernel and ipchains and masquerading. Does anyone know offhand
> whether I should:
>
> 1. Expect this to work?
If the settings are correct and I didn't broke something
when building all pieces together. The end goal of the patches
both for 2.2 and 2.4 should be same. The implementations differ,
Netfilter is more suitable for such changes while 2.2 has some
weirdness supporting these extensions. The same weirdness you can
see in the changes for the ipchains compat code in 2.4.
> 2. Expect this to get weird?
>
> If 2:
>
> - What weirdness should I look out for?
Make some tests before going to production :) It needs
some understanding. That is why the document Christoph wrote is
so useful.
> - What, in theory, is the statefulness accomplishing in this context?
If I understand your question correctly, this is not a goal.
It is a conntracking specific thing which is not touched from these
patches. These patches change the routing and the way it is used from
NAT after adding or extending some nice features.
> Whit
Regards
--
Julian Anastasov <ja@xxxxxx>
