Luke McKee was once rumoured to have said:
> Slug PPL,
>
> I thought I would mention this to the slug list. Sorry for the slightly off
> topic posting earlier that was primarily directed towards netfilter users.
>
> Simply what I am trying to say is some Linux users running NAT in the
> version in 2.4 kernel can not access some FTP sites that others can access
> without trouble - because netfilter breaks RFCs. It even affects ftp client
> running on the nat box itself so if you are running NAT there is nothing you
> can do apart from log in to another machine outside your private network or
> shut down NAT completely to get to that FTP site.

This is why FTP has passive mode.

> The ftp servers you can't connect to with NAT running are FTP servers that
> send file transfers from a different IP to the one you first connected to.
> Servers that do this are commonly found in High-Availability networks (like
> those running high-availability Linux clusters - www.linux-ha.org). I just
> thought I should let you all know this in case anyone else has been having
> problems with FTP on Linux.

HTSL[1].

> I now agree with Chris' comment on the slug home page:
> "Unfortunately, whilst everyone was impressed with Netfilter, and Chris's
> overview of it, no one was willing to entrust a production firewall to Linux
> 2.4. Perhaps around 2.4.10"

This was *NOT* my comment[2]. I use Netfilter at home, and I'm about to
deploy it into production.

The NAT code in Netfilter is *far* better than the old Masq system in
2.2 in terms of flexibility.

You obviously didn't research this very well before jumping to
conclusions, and I do not appreciate being misrepresented.

C[3].

[1] Hack the Source Luke. They even tell you what changes you'd need
to make.
[2] For the unaware, he's lifted the comment from Jeff's report on the
last meeting. These were Jeff's words, not mine.
[3] Yes, the C. stands for Chris, not for Crossfire.
--
--==============================================--
Crossfire | This email was brought to you
[EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
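
The address check at the centre of this thread, as an added example (not code from the thread or from netfilter): a strict connection-tracking helper reads the PORT command or 227 reply off the FTP control channel and only expects a data connection when the advertised address equals the control peer, which is why a server that hands transfers to a different IP fails. The function names, the strict policy and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 as decimal octets.
_HOSTPORT = re.compile(r"(\d{1,3})," * 5 + r"(\d{1,3})")


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    line = line.strip()
    if line[:4].upper() not in ("PORT", "227 "):
        return None
    match = _HOSTPORT.search(line[4:])
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, do not guess
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_data_endpoint(line, control_peer):
    """Classify one control-channel line sent by control_peer.

    Returns (status, endpoint): 'ignore' for lines that carry no
    host-port, 'expect' when the advertised address is the control
    peer itself, 'mismatch' when it points somewhere else (assumed
    strict policy: no expectation is created for a mismatch).
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return "ignore", None
    ip, port = parsed
    status = "expect" if ip == ipaddress.IPv4Address(control_peer) else "mismatch"
    return status, (str(ip), port)


# Constructed sample: (sender of the line, line seen on the control channel).
SAMPLE = [
    ("192.0.2.10", "230 Login successful."),
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,19,137)"),
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,11,19,137)"),  # other node
    ("198.51.100.7", "PORT 198,51,100,7,4,1"),
]

if __name__ == "__main__":
    for peer, text in SAMPLE:
        print(peer, text, "->", check_data_endpoint(text, peer))
```

The third sample line is the high-availability case from the quoted post: the control connection is to one address and the 227 reply names another, so a strict helper creates no expectation and the data connection is not tracked.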