On Mon, 3 Dec 2001 23:45:49 +0000 (GMT) Julian Anastasov <ja@xxxxxx> wrote: > On Mon, 3 Dec 2001, Whit Blauvelt wrote: > > > Thanks Christoph (and Julian!), by happy coincidence this is exactly what > > I'm looking for today. > > > > In nano.txt you say the firewall, for iptables, must be stateful. Of course, > > ipchains doesn't do stateful. I'm looking at using Julian's patches with a > > Assume that this is recommendation (should). I was reviewing my notes and now I believe, that statefulness should not strictly be required, though at least for netfilter, I think it is very recommendable. What is required is connection tracking, as Julian's patches use their information for routing decisions. If you use the netfilter snat target, actually it shouldn't make a difference, as far as I can see. Maybe there is one, when using the masquerade target, because there might be a second call to the routing system, but I tend to believe that not. It's possible that I'm completely wrong, but I think it's definitively worth a try. -- Christoph Simon ciccio@xxxxxxxxxxxxxxx --- ^X^C q quit :q ^C end x exit ZZ ^D ? help .
