On Tue, Jan 23, 2001 at 12:48:20PM +1100, Rusty Russell wrote:
> So I reimplimented 2.2-style masquerading on top of the new NAT
> infrastructure: ideally this would mean that it could use the new
> helpers, but there were some minor technical problems, and it was
> never tested.
>
> Those who berated Aaron for not wanting to upgrade: he is the Debian
> maintainer for crashme, gtk-theme-switch, koules, pngcrush, and
> xdaliclock. By wasting his time making him convert a perfectly
> working system, you are taking away time from those projects. I'd
> rather see him spend time on Cool Stuff(TM) which benefits all of us.
Thank you for your support, but it seems clear that they were right.
I changed the kernel settings to have pure netfilter configuration,
read the NAT-HOWTO, and followed its instructions. I reccomend that any
others still trying to use the 2.[02].x style interfaces do the same.
netfilter seems not only much cleaner than ipchains or ipfwadm, but also
much more powerful. I read into the HOWTO a bit and was very impressed
by the capabilities. In particular, it's nice to have port forwarding
integrated with NAT rather than as a seperate chunk of kernel code using
different userspace tools.
I hope that netfilter will last longer than the last two packet
filtering/mangling/masquerading mechanisms. :)
P.S.: The only thing I did not get working successfully was IRC DCC. I
sent a bug report to the maintainer of the patch from the
patch-o-matic, but did not recieve an immediate response, so I'll
include it below in case anyone else has any ideas.
_______________________________________________________________________________
This archive was generated by hypermail 2b29 : Tue Jan 23 2001 - 21:00:26 EST