On Thu, Mar 14, 2002 at 04:34:19PM +0100, Simon Oosthoek wrote: > Hi developers > > I'm not on the list, but I thought this is too specific for the users list.
it's ok. > I'm configuring a firewall on a sun ultra 5 workstation with Suse 7.3 and a > fresh 2.4.19pre1 kernel and fresh iptables 1.2.5 compiled against that > kernel's source. mmh... you want to run a firewall un sparc64 linux? interesting idea, but I don't think this is the most stable and well-proven combination of (hardware, operating system, firewalling code) out there. > It looks like there are some problems with this setup and I was wondering if > the kernel modules are actually 64-bit enabled? They are. What's causing a headache with linux sparc64 port is the kernel==64 bits, userspace==32 bits issue. This is especially difficul as like in our situation, lots of data structures are passed from userspace to kernel- space. > When listing the iptables using "iptables -L -x -v -n", I see a lot of Very > Large Numbers (2^32+n???) in the standard chains for packet stats. > > The reason I have doubts about the quality of the modules on 64 bit sparc is > that the iptables command gives an invalid argument error when using the -m > limit option. The ipt_limit module is in memory (according to lsmod). > > Has anyone tried these things on linux on a 64bit sparc (or other 64bit) > architecture? Are these problems known? Well, the code should work (there are some special precautions just for the sparc64 architecture), but I guess you are one of the extremely few users of iptables on sparc64. However, the situation is likely to improve... I've just bought a sparc64 machine in order to play with the sparc64 linux port in general (and improve the status of netfilter/iptables on this architecture)... > I'd like to know if this is a bug or a configuration problem, because if > iptables/netfilter are not stable on this platform it doesn't make sense to > trust it with firewall duties... As stated above, I would go for some more common setup. > TIA > Simon -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
