I don't use any of that :P
> Thank you for your support, but it seems clear that they were right.
> I changed the kernel settings to have pure netfilter configuration,
> read the NAT-HOWTO, and followed its instructions. I reccomend that any
> others still trying to use the 2..x style interfaces do the same.
> netfilter seems not only much cleaner than ipchains or ipfwadm, but also
> much more powerful. I read into the HOWTO a bit and was very impressed
> by the capabilities. In particular, it's nice to have port forwarding
> integrated with NAT rather than as a seperate chunk of kernel code using
> different userspace tools.
Among other things. It originally started out having NAT and filtering
controlled by two different userspace tools - iptables and ipnatctl, but
they were eventually merged.
> I hope that netfilter will last longer than the last two packet
> filtering/mangling/masquerading mechanisms. :)
Looking at something ages ago that I now cannot find, Rusty apparently
realised that ipchains was wrong when he was writing it; no such
admission (at least, that I know about) yet.
> P.S.: The only thing I did not get working successfully was IRC DCC. I
> sent a bug report to the maintainer of the patch from the
> patch-o-matic, but did not recieve an immediate response, so I'll
> include it below in case anyone else has any ideas.
> >From firstname.lastname@example.org Sun Jan 21 00:44:17 2001
> Date: Sun, 21 Jan 2001 00:44:17 -0800
> From: Aaron Lehmann <email@example.com>
> To: firstname.lastname@example.org
> Subject: irc-conntrack-nat doesn't work for me
> I applied irc-conntrack-nat from iptables-1.2's patch-o-matic onto a
> Linux 2.4.0 kernel with XFS support. I tried several different IRC
> clients on the sending end (which was of course behind this NAT box)
> and different IRC servers (all on port 6667). On the recieving end, I
> would always get:
> -:- DCC GET request from aaronl_[email@example.com
> [188.8.131.52:33989]] 150 bytes /* That's the NAT box's IP */
> -:- DCC Unable to create connection: Connection refused
> Any idea what's wrong? I have irc-conntrack-nat compiled into the
Well, it's NAT'ing it OK. Are you sure you have a rule like the
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
PS: If you're trying to NAT a DCC RESUME, don't even bother.
-- Daniel Stone Linux Kernel Developer firstname.lastname@example.org
-----BEGIN GEEK CODE BLOCK----- Version: 3.1 G!>CS d s++:- a---- C++ ULS++++$>B P---- L+++>++++ E+(joe)>+++ W++ N->++ !o K? w++(--) O---- M- V-- PS+++ PE- Y PGP>++ t--- 5-- X- R- tv-(!) b+++ DI+++ D+ G e->++ h!(+) r+(%) y? UF++ ------END GEEK CODE BLOCK------
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to email@example.com Please read the FAQ at http://www.tux.org/lkml/