On Wednesday 13 March 2002 03:34, you wrote:
> I have been using ipchains for quite some time now and I am in the
> process of migrating to IPtables. But I still have one big dilemma.
> Why do I have to install special kernel modules to use special
> protocols like FTP, H323 etc.? What is the real issue about these
> protocols? Why can't NAT handle these protocols? I mean I tried NAT
> on a Cisco router and no probs, everything works.

Well, they're modules because the kernel team, correctly, in my opinion, does not make assumptions about how someone wants to use their computer. You can make pretty broad assumptions about what one would do with a Cisco PIX. Your complaint is really with the distribution, as a firewall / router oriented distribution might well decide to compile all the netfilter stuff in and not configure as modules.

That said, you can either make sure all the netfilter stuff you need loads as modules at boot time (in Debian this is easy, the other distros seem to have more arcane methods) or compile your own kernel which has it all made the way you want. Linux, et al., is DIY. Other products may be easier, but they are also "black box".

--
Tim Kelley
tpk at 23rdward dot org