From: Arthur van Leeuwen <arthurvl@sci.kun.nl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Solved: Using more than 1 Internet Line
Date: Mon, 03 Dec 2001 22:04:20 +0000 [thread overview]
Message-ID: <marc-lartc-100741701218653@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100742079800981@msgid-missing>
On Mon, 3 Dec 2001, Whit Blauvelt wrote:
> Thanks Christoph (and Julian!), by happy coincidence this is exactly what
> I'm looking for today.
> In nano.txt you say the firewall, for iptables, must be stateful. Of course,
> ipchains doesn't do stateful. I'm looking at using Julian's patches with a
> 2.2.20 kernel and ipchains and masquerading. Does anyone know offhand
> whether I should:
> 1. Expect this to work?
Yes.
> 2. Expect this to get weird?
Maybe. But that's not related to 2.2, it can happen with 2.4 as well.
> If 2:
>
> - What weirdness should I look out for?
OpenSSH sets up the TOS fields *after* authenticating. This breaks the
entries in the route-cache, as they are keyed on source, destination and TOS
field.
> - What, in theory, is the statefulness accomplishing in this context?
Don't really know, as I haven't needed it. (I've set up a similar system
with only 2.2, never even so much as thinking about 2.4).
Doei, Arthur. (Oh... in my opinion the firewalling is an optional extra.)
--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
next prev parent reply other threads:[~2001-12-03 22:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-12-02 19:24 [LARTC] Solved: Using more than 1 Internet Line Christoph Simon
2001-12-02 19:41 ` Christoph Simon
2001-12-03 20:22 ` Whit Blauvelt
2001-12-03 20:45 ` Christoph Simon
2001-12-03 21:43 ` Julian Anastasov
2001-12-03 22:04 ` Arthur van Leeuwen [this message]
2001-12-03 22:19 ` Christoph Simon
2001-12-03 22:33 ` Whit Blauvelt
2001-12-03 22:44 ` Julian Anastasov
2001-12-04 8:52 ` Arthur van Leeuwen
2001-12-04 10:57 ` Julian Anastasov
2001-12-04 11:05 ` Christoph Simon
2001-12-04 16:13 ` Don Cohen
2001-12-04 16:20 ` Arthur van Leeuwen
2001-12-04 16:56 ` Don Cohen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-100741701218653@msgid-missing \
--to=arthurvl@sci.kun.nl \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.