All of lore.kernel.org
 help / color / mirror / Atom feed
From: Michael <mutk@ozemail.com.au>
To: IPtables Users <netfilter@lists.samba.org>
Subject: Soliciting User's Experiences with NewNat patch...
Date: Tue, 09 Jul 2002 11:22:42 +1000	[thread overview]
Message-ID: <3D2A3AE2.6050203@ozemail.com.au> (raw)

Hi all,

I am asking for some personal experiences among users regarding 
the"NewNat" patch.

Particularly:

How stable is it?

Is it production ready, any crashes lately?

Any known security problems?

I seem to recall reading that the general feeling amongst developers of 
Netfilter is that H323 support should never have been done, and it's 
inclusion in the Netfilter release schedule is not definate (It may be 
dropped).

I need to consider (Yet again) using the patch, as our users are wanting 
to use Web cam and Netmeeting etc.. I have a system setup that uses 
iptables, and pam_iptables that add's and deletes iptables rules as 
users log in. The purpose is to share a single xADSL link to internet, 
NAT'ing etc. Actually in one server/gateway I have another Firewall that 
does support Netmeeting protocols, and I use my iptables firewall to 
just filter. I have used all statefull (state NEW for outgoing, state 
RELATED,ESTABLISHED for incomming etc) so Netmeeting breaks in this 
situation anyway.

I have considered using Open gatekeeper  but the way I see it, Open323 
is an abomination, and more dificult than NewNat patch to set up...And 
yet another daemon to keep running, support and keep up to date....

Any thoughts, suggestions as to the best way to go? My personal feeling 
is to to say no to H323 support , and weather the complaints for another 
year :| At until the future of NewNat is clear...


Cheers,
Michael



                 reply	other threads:[~2002-07-09  1:22 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3D2A3AE2.6050203@ozemail.com.au \
    --to=mutk@ozemail.com.au \
    --cc=netfilter@lists.samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.