From: Friedrich Lobenstock <fl@fl.priv.at>
To: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: extra/pptp-conntrack-nat.patch
Date: Fri, 11 Apr 2003 23:26:21 +0200 [thread overview]
Message-ID: <3E9732FD.1010804@fl.priv.at> (raw)
In-Reply-To: <Pine.LNX.4.44.0304111409550.15504-100000@localhost.localdomain>
Hello!
Ilguiz Latypov wrote:
>
> The following chart represents my understanding of the PPTP tracking
> modules capabilities in their current state. I assumed that uncommenting
> the "return NF_ACCEPT" statement in question is equivalent to not tracking
> a connection with bad TCP checksum. [....]
>
> connection from connection from
> behind the NAT box the NAT box itself
>
> good TCP bad TCP good TCP bad TCP
> checksum checksum checksum checksum
>
>
> no PPTP modules 1 1 + +
For connections from behind the NAT box I can not confirm this.
>
>
> unmodified PPTP modules + + - -
> without the local NAT option
>
> unmodified PPTP modules + + + +
> with the local NAT option
>
> uncommented "return NF_ACCEPT"
> for bad TCP checksums + 1 - +
> without the local NAT option
>
> uncommented "return NF_ACCEPT"
> for bad TCP checksums + 1 + +
> with the local NAT option
>
>
> ------------------
> +: Any number of connections of given class is treated correctly.
> -: No connection possible.
> 1: Only one connection at a time will work in these cases. If this refers
> to the "behind the NAT box" connections, no connections from the NAT
> box itself should be allowed for this to work.
>
As the local nat patch is not in patch-o-matic-20030107 did not
get applied to my kernel, but for me that's irrelevant, as I don't
currently use pptp from the linux maschine itself.
--
MfG / Regards
Friedrich Lobenstock
next prev parent reply other threads:[~2003-04-11 21:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.GSO.4.03.10304092023000.11290-100000@shemp.vdata.com>
2003-04-10 13:28 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
2003-04-10 20:11 ` extra/pptp-conntrack-nat.patch Jeff Hall
2003-04-11 10:48 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
2003-04-11 11:09 ` extra/pptp-conntrack-nat.patch Ilguiz Latypov
2003-04-11 16:40 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
2003-04-11 17:00 ` extra/pptp-conntrack-nat.patch Martin Josefsson
2003-04-11 19:42 ` extra/pptp-conntrack-nat.patch Martin Josefsson
2003-04-11 21:08 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
2003-04-11 19:12 ` extra/pptp-conntrack-nat.patch Ilguiz Latypov
2003-04-11 21:26 ` Friedrich Lobenstock [this message]
[not found] <3E8832B4.8030901@fl.priv.at>
2003-03-31 12:31 ` extra/pptp-conntrack-nat.patch Harald Welte
2003-03-31 12:44 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
2003-03-31 13:07 ` extra/pptp-conntrack-nat.patch Harald Welte
2003-04-01 19:37 ` extra/pptp-conntrack-nat.patch Friedrich Lobenstock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E9732FD.1010804@fl.priv.at \
--to=fl@fl.priv.at \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.