On Mon, 3 Dec 2001, Whit Blauvelt wrote:

> Thanks Christoph (and Julian!), by happy coincidence this is exactly what
> I'm looking for today.
> In nano.txt you say the firewall, for iptables, must be stateful. Of course,
> ipchains doesn't do stateful. I'm looking at using Julian's patches with a
> 2.2.20 kernel and ipchains and masquerading. Does anyone know offhand
> whether I should:
> 1. Expect this to work?

Yes.

> 2. Expect this to get weird?

Maybe. But that's not related to 2.2, it can happen with 2.4 as well.

> If 2:
>
> - What weirdness should I look out for?

OpenSSH sets up the TOS fields *after* authenticating. This breaks the
entries in the route-cache, as they are keyed on source, destination and
TOS field.

> - What, in theory, is the statefulness accomplishing in this context?

Don't really know, as I haven't needed it. (I've set up a similar system
with only 2.2, never even so much as thinking about 2.4).

Bye,
Arthur.

(Oh... in my opinion the firewalling is an optional extra.)

--
  /\    / |      arthurvl@xxxxxxxxxx      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching
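Added example, not part of the original message: a toy Python model of a route cache keyed on (source, destination, TOS), showing why a TOS change in the middle of an SSH session creates a second cache entry for the same connection. It assumes a masquerading gateway with two uplinks; the interface names, addresses, packet sequence and round-robin next-hop choice are constructed for illustration and are not the kernel's actual selection logic.

```python
import itertools


class RouteCache:
    """Toy route cache keyed on (src, dst, tos), as the reply describes."""

    def __init__(self, uplinks):
        # Assumption: on a cache miss the gateway picks the next uplink in
        # round-robin order (a stand-in for multipath next-hop selection).
        self._next_uplink = itertools.cycle(uplinks)
        self.entries = {}

    def lookup(self, src, dst, tos):
        key = (src, dst, tos)
        if key not in self.entries:  # cache miss: choose and pin an uplink
            self.entries[key] = next(self._next_uplink)
        return self.entries[key]


def trace_session(cache, src, dst, tos_per_packet):
    """Return the uplink used for each packet of a single connection."""
    return [cache.lookup(src, dst, tos) for tos in tos_per_packet]


def uplink_changes(path):
    """List (packet_index, old_uplink, new_uplink) wherever the uplink flips."""
    return [(i, a, b)
            for i, (a, b) in enumerate(zip(path, path[1:]), start=1)
            if a != b]


# Constructed sample: hypothetical uplinks and documentation addresses.
UPLINKS = ["ppp0", "eth1"]
# TOS 0x00 during key exchange and authentication, then 0x10
# (IPTOS_LOWDELAY) once the interactive session starts.
SSH_TOS_SEQUENCE = [0x00, 0x00, 0x00, 0x10, 0x10, 0x10]


def demo():
    cache = RouteCache(UPLINKS)
    path = trace_session(cache, "192.168.1.10", "203.0.113.5", SSH_TOS_SEQUENCE)
    return path, uplink_changes(path), len(cache.entries)


if __name__ == "__main__":
    path, changes, n_entries = demo()
    print("uplink per packet:", path)
    print("uplink changes   :", changes)
    print("cache entries    :", n_entries)
```

With masquerading, each uplink rewrites the source to a different public address, so after the flip the remote sshd sees packets that no longer belong to the connection it authenticated and the session stalls.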