Realistically you don't want to do anything not directly kernel-related in kernel space. That's the reason old Windows would Blue Screen when a Word document loaded incorrectly. Kernel should be untouched and as such will make for a much more reliable OS, hence why FreeBSD is way more stable than Linux.

Just because you can, doesn't mean you should.

-Sean

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, September 26, 2007 9:03 PM
Subject: Re: [pfSense Support] jabber and NAT woes

Will Miles wrote:
The Linux kernel supports doing NAT reflection directly in the kernel, which is why it 'just works' with IPCop. Unfortunately, the FreeBSD gurus claim that their NAT system is not capable of doing this within the packet filtering framework. That said, it /is/ possible to trick it into behaving this way, and I assembled a patch for my own usage to solve this specific problem, but since the experts claim it's not possible there's no guarantee it will behave correctly in all circumstances. I'll see if I can get it together over the weekend - I'm still using one of the 1.2 betas, though, so it'd take me a bit to update it for the RC build. That said, it doesn't remove the proxy-based reflection scheme, so if you're interested in the patch you can always go back to whichever model you find works best for you.


I don't think anyone's ever said it isn't possible; the things I recall reading were more along the lines of not wanting to do it. I don't recall the reasoning offhand.

If you have some change that makes it work, it would be interesting to see. Please post it.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


