Thank you for your support, but it seems clear that they were right.
I changed the kernel settings to have pure netfilter configuration,
read the NAT-HOWTO, and followed its instructions. I reccomend that any
others still trying to use the 2.[02].x style interfaces do the same.
netfilter seems not only much cleaner than ipchains or ipfwadm, but also
much more powerful. I read into the HOWTO a bit and was very impressed
by the capabilities. In particular, it's nice to have port forwarding
integrated with NAT rather than as a seperate chunk of kernel code using
different userspace tools.
I hope that netfilter will last longer than the last two packet
filtering/mangling/masquerading mechanisms. :)
P.S.: The only thing I did not get working successfully was IRC DCC. I
sent a bug report to the maintainer of the patch from the
patch-o-matic, but did not recieve an immediate response, so I'll
include it below in case anyone else has any ideas.
_______________________________________________________________________________
Date: Sun, 21 Jan 2001 00:44:17 -0800
From: Aaron Lehmann <aaronl@vitelus.com>
To: laforge@gnumonks.org
Subject: irc-conntrack-nat doesn't work for me
I applied irc-conntrack-nat from iptables-1.2's patch-o-matic onto a
Linux 2.4.0 kernel with XFS support. I tried several different IRC
clients on the sending end (which was of course behind this NAT box)
and different IRC servers (all on port 6667). On the recieving end, I
would always get:
-:- DCC GET request from aaronl_[aaronl@vitelus.com
[64.81.36.147:33989]] 150 bytes /* That's the NAT box's IP */
-:- DCC Unable to create connection: Connection refused
Any idea what's wrong? I have irc-conntrack-nat compiled into the
kernel.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/