On Fri, 8 Mar 2002, Andy Eager wrote:

> >>with ftp, realaudio etc). I still reckon that ipchains with a 2.2
> >>kernel is still the simplest and most generally accepted way to do
> >>firewalling if you want particular services masqueraded.
> >>
> >
> >I'm interested to know your reasoning here.
> >
> OK, I'm prepared to be knocked down in flames here (only if you're
> gentle), but recently I paid a reasonably well known Linux consultant to
> advise me on a job I'm doing for a paying customer to install a firewall
> (that has to do masquerading of all well known services). His/her
> suggestion was to stick with ipchains for the time being (preferably
> under 2.2 kernel because the helper modules were already written and
> known to work). After some of my own research, I came up with the
> following from the man (rusty) himself:

There is a clamour that ebbs and flows on the e-smith (SME) development list to move to the 2.4 kernel (to get a journaling fs amongst other things). SME persists with 2.2 for exactly the above reasons - the masquerading modules under 2.4 lack the functionality of those under 2.2.x, a crucial sticking point for effective firewalling.

-=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-=
Graeme Robinson - Graenet consulting
www.graenet.com - internet solutions
-=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-=
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
