On Sat, Apr 28, 2001 at 08:14:18AM +0200, Phil Karn wrote:
> If I configure policy routing on and netfilter off, I can establish my
> existing policy tables that deal with my rather complex ipip tunnel &
> NAT configuration. Everything works as it did under 2.2.19 *except*
> that policy entries calling for masquerading no longer work.

Such a policy rule is not really masquerading, just a very simple stateless NAT. It'll probably not do what you want because it has no protocol translation support for ftp etc. Masquerading has always been a different subsystem, controlled by the firewall. In 2.4 masquerading still exists as a compatibility module, but requires netfilter connection tracking. In 2.4 there also is a more generic new NAT subsystem that among other things supports old masquerading.

> I tried a kernel with netfilter turned on, but I was then no longer
> able to load the ipip.o module that I use for tunneling. I get two
> unresolved symbols from insmod: nf_hooks and nf_hooks_slow. Yet both
> symbols *are* mentioned in /System.map. Weird. This persisted even
> after a 'make clean' and remake.

Looks like you didn't turn on CONFIG_NETFILTER in the main kernel. Without it masquerading will not work though.

-Andi
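
The point in the reply about stateless NAT lacking protocol translation for ftp, shown as an added example that is not part of the original message and not kernel code: a header-only rewrite leaves the private address inside the FTP PORT command, while a protocol-aware helper also fixes the payload. The addresses, packet layout and function names are constructed for illustration.

```python
import re

# FTP active mode announces the client's data endpoint inside the payload:
# "PORT h1,h2,h3,h4,p1,p2" where port = p1 * 256 + p2.
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

# Constructed sample: inside host 10.0.0.5 behind public address 192.0.2.1.
INSIDE, OUTSIDE = "10.0.0.5", "192.0.2.1"
SAMPLE = {"src": INSIDE, "dst": "198.51.100.7",
          "payload": b"PORT 10,0,0,5,19,137\r\n"}

def stateless_nat(packet, inside=INSIDE, outside=OUTSIDE):
    """Rewrite only the header source address, as a stateless NAT rule does."""
    src = outside if packet["src"] == inside else packet["src"]
    return {**packet, "src": src}

def ftp_helper_nat(packet, inside=INSIDE, outside=OUTSIDE):
    """Header rewrite plus the payload fix-up a protocol helper performs.

    Simplified: a real helper also tracks the connection, may remap the
    port, and must adjust TCP sequence numbers when the payload length
    changes (it does here: "10,0,0,5" becomes "192,0,2,1").
    """
    out = stateless_nat(packet, inside, outside)

    def fix(match):
        announced = ".".join(g.decode() for g in match.groups()[:4])
        if announced != inside:
            return match.group(0)  # not our inside host, leave untouched
        p1, p2 = match.group(5).decode(), match.group(6).decode()
        return f"PORT {outside.replace('.', ',')},{p1},{p2}\r\n".encode()

    out["payload"] = PORT_RE.sub(fix, out["payload"])
    return out

def announced_endpoint(packet):
    """Return the (address, port) the FTP server will try to connect back to."""
    match = PORT_RE.search(packet["payload"])
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

if __name__ == "__main__":
    print("stateless:", announced_endpoint(stateless_nat(SAMPLE)))
    print("helper:   ", announced_endpoint(ftp_helper_nat(SAMPLE)))
```

With the stateless rewrite the server is told to connect to the unroutable inside address, so the data connection fails even though the control connection works.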