From: Aaron Lehmann <aaronl@vitelus.com>
To: Rusty Russell <rusty@linuxcare.com.au>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.4 and ipmasq modules
Date: Mon, 22 Jan 2001 18:01:58 -0800 [thread overview]
Message-ID: <20010122180158.B24670@vitelus.com> (raw)
In-Reply-To: <20010120144616.A16843@vitelus.com> <E14KsZI-0006IU-00@halfway>
In-Reply-To: <E14KsZI-0006IU-00@halfway>; from rusty@linuxcare.com.au on Tue, Jan 23, 2001 at 12:48:20PM +1100
On Tue, Jan 23, 2001 at 12:48:20PM +1100, Rusty Russell wrote:
> So I reimplimented 2.2-style masquerading on top of the new NAT
> infrastructure: ideally this would mean that it could use the new
> helpers, but there were some minor technical problems, and it was
> never tested.
>
> Those who berated Aaron for not wanting to upgrade: he is the Debian
> maintainer for crashme, gtk-theme-switch, koules, pngcrush, and
> xdaliclock. By wasting his time making him convert a perfectly
> working system, you are taking away time from those projects. I'd
> rather see him spend time on Cool Stuff(TM) which benefits all of us.
Thank you for your support, but it seems clear that they were right.
I changed the kernel settings to have pure netfilter configuration,
read the NAT-HOWTO, and followed its instructions. I reccomend that any
others still trying to use the 2.[02].x style interfaces do the same.
netfilter seems not only much cleaner than ipchains or ipfwadm, but also
much more powerful. I read into the HOWTO a bit and was very impressed
by the capabilities. In particular, it's nice to have port forwarding
integrated with NAT rather than as a seperate chunk of kernel code using
different userspace tools.
I hope that netfilter will last longer than the last two packet
filtering/mangling/masquerading mechanisms. :)
P.S.: The only thing I did not get working successfully was IRC DCC. I
sent a bug report to the maintainer of the patch from the
patch-o-matic, but did not recieve an immediate response, so I'll
include it below in case anyone else has any ideas.
_______________________________________________________________________________
>From aaronl@vitelus.com Sun Jan 21 00:44:17 2001
Date: Sun, 21 Jan 2001 00:44:17 -0800
From: Aaron Lehmann <aaronl@vitelus.com>
To: laforge@gnumonks.org
Subject: irc-conntrack-nat doesn't work for me
I applied irc-conntrack-nat from iptables-1.2's patch-o-matic onto a
Linux 2.4.0 kernel with XFS support. I tried several different IRC
clients on the sending end (which was of course behind this NAT box)
and different IRC servers (all on port 6667). On the recieving end, I
would always get:
-:- DCC GET request from aaronl_[aaronl@vitelus.com
[64.81.36.147:33989]] 150 bytes /* That's the NAT box's IP */
-:- DCC Unable to create connection: Connection refused
Any idea what's wrong? I have irc-conntrack-nat compiled into the
kernel.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-23 2:02 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-20 22:46 2.4 and ipmasq modules Aaron Lehmann
2001-01-20 23:32 ` Daniel Stone
2001-01-20 23:34 ` Aaron Lehmann
2001-01-21 0:08 ` Daniel Stone
2001-01-21 0:08 ` Aaron Lehmann
2001-01-21 0:22 ` Doug McNaught
2001-01-24 12:37 ` Harald Welte
2001-01-21 7:47 ` Paul Jakma
2001-01-24 12:38 ` Harald Welte
2001-01-21 1:55 ` [OT] " J Sloan
2001-01-21 2:24 ` John Jasen
2001-01-23 1:48 ` Rusty Russell
2001-01-23 2:01 ` Aaron Lehmann [this message]
2001-01-23 7:29 ` Daniel Stone
2001-01-23 16:18 ` Martin Josefsson
2001-01-23 16:56 ` Aaron Lehmann
2001-01-24 12:41 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010122180158.B24670@vitelus.com \
--to=aaronl@vitelus.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@linuxcare.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox