On Monday 01 July 2002 20.46, Michael Shuey wrote:
First, why would I want to SNAT locally originating packets?
Second, are you telling me that netfilter _does_ check to see if a
port is locally bound before using it for a translation?
Mainly in case the locally selected port is already in
On Monday 01 July 2002 19.49, Don Cohen wrote:
The ESTABLISHED indicates the TCP state, UNREPLIED indicates the
conntrack state. This is a TCP session that has only seen ACK in
one direction, no packets in the other.
Almost related note: The connection is not ASSURED.
I'm having
Hi,
I would like to SNAT icmp fragmentation-needed messages that have source
address from private network range (RFC1918). Because these packets are
part of valid TCP connection, they are processed by ip_conntrack module
and cannot be SNATed...
any idea?
jn
On Tue, 2 Jul 2002 [EMAIL PROTECTED] wrote:
I would like to SNAT icmp fragmentation-needed messages that have source
address from private network range (RFC1918). Because these packets are
part of valid TCP connection, they are processed by ip_conntrack module
and cannot be SNATed...
Just
Hi.
Patrick Schaaf wrote:
After not receiving a response for two weeks second try:
Sorry. Here we go:
The attached patch adds a new option --terminate to the MARK target
which lets the user choose if MARK should return IPT_CONTINUE
(normal behaviour) or NF_ACCEPT (to terminate further rule
Hi,
I'm using a kernel of version 2.4.18 where module-support is disabled
together with iptables-1.2.6a (all compiled by myself).
I applied patches to netfilter using POM.
The following messages are seen in my log-file
ASSERT: ip_nat_core.c: 743 ip_conntrack_lock not readlocked
On Mon, Jul 01, 2002 at 07:27:31AM -0400, Stephen Frost wrote:
Harald,
Sending this again with hopes that it will get in before the next
official release. Just a small bugfix, thanks.
applied.
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]
On Mon, Jul 01, 2002 at 11:32:32AM -0500, Michael Shuey wrote:
On Thu, May 30, 2002 at 03:32:47PM +0200, Harald Welte wrote:
Interestingly I don't remember this bug. I (and nobody else) has added
something to the TODO list about this either. Maybe it somehow got lost :(
I can't fault
On Mon, Jul 01, 2002 at 09:50:18AM +0200, Balazs Scheidler wrote:
On Sat, Jun 29, 2002 at 12:36:36PM +0200, Henrik Nordstrom wrote:
On Saturday 29 June 2002 11.46, Patrick McHardy wrote:
So the question to the Netfilter core team is if it would be OK to add
a new option and module class
On Fri, Jun 28, 2002 at 12:03:38PM -0700, Don Cohen wrote:
Patrick Schaaf writes:
I have real data from an IRC server (one of the german IRCnet hubs), and
from several boxen providing transparent proxy service to dialup customers,
3000 customers per box peak, running DNS and squid
On Sun, Jun 30, 2002 at 12:40:09PM -0700, Don Cohen wrote:
Clearly one easy defense against one easy attack (as was mentioned in
private communication) is that whenever you want to add to a bucket
that is full, you should feel free to throw out the oldest UNREPLIED
connection in that bucket.
On Mon, Jul 01, 2002 at 11:47:09AM +0200, Jozsef Kadlecsik wrote:
On Sat, 29 Jun 2002, Henrik Nordstrom wrote:
[...]
I proposed adding a new class of iptables things between matches and
targets, being neither a match for filtering or a target that
determines the ultimate fate of the
On Tue, Jul 02, 2002 at 04:11:37PM +0200, Albrecht Melan wrote:
Hi,
I'm using a kernel of version 2.4.18 where module-support is disabled
together with iptables-1.2.6a (all compiled by myself).
I applied patches to netfilter using POM.
which patches?
The following messages are seen
Hi all,
I have put a tarball at http://bei.bof.de/cttest-0.1.tar.gz
Unpack, look at README, and reproduce the gnuplot pictures I have
mentioned earlier today (at http://bei.bof.de/ex1/)
I would love to see results from other kinds of workloads.
thanks in advance
Patrick
On Tue, Jul 02, 2002 at 03:08:37PM +0300, Vladimir Getselevich wrote:
Hi, Harald.
I asked you this question, but you didn't answer me.
Could you please tell me how can I cause that there will not be a delay of 1
packet in ULOG.
It is very important for my master research.
Well, you have
2002-07-02 23:52:06+0200, Patrick Schaaf [EMAIL PROTECTED] -
Hi all,
I have put a tarball at http://bei.bof.de/cttest-0.1.tar.gz
Unpack, look at README, and reproduce the gnuplot pictures I have
mentioned earlier today (at http://bei.bof.de/ex1/)
I would love to see results from other
16 matches