In this case it is obvious why it doesn't always work.
The problem with it at present is it leads people to believe that it will
always if it happens to work occasionally.
There are other non-commercial solutions which can easily be used in its
place. The "IP masquerading" is treading into the "transparent proxy"
world and going head first.
Whilst maybe you're not concerned about the implications of it, I've
been watching firewalls for quite some time and this is a real non-plus.
The FTP stuff was bad enough, but to then see the same horror propogate
to IRC - that solution is even worse than the FTP code! Either the
person who wrote that doesn't understand how CTCP works or they're just
plain naive.
Anyway, if it stays as it is, I'll just have another thing to bag Linux
as a (and part of a) solution for firewalls with, it otherwise makes no
difference to me :-) I just thought I'd make sure people were aware
of how bad it was getting. Seems like I should have kept my mouth shut
and not mentioned it!
darren
> >Will whoever is working on that do one of two things:
> >
> > * fix it so it works properly
> >
> > * remove it
> >
> > The code I have seen so far in 1.3.84 is just plain broken, if it works
> > you're just lucky. There is no way it can be garuanteed to work in all
> > cases.
> >
> > As I mentioned in a letter to the firewalls mailling list, TCP is a
> > BYTE STREAM; not any sort of record structured protocol.
> >
> > darren
> >
> > p.s. in case you're wondering, the only reason I use linux is for backups
> > to tape of other systems