-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said...
> > The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP > > protocols other than TCP and UDP. > > Almost true. Using the iproute2 tools, you can do a static NAT of an > inside box to outside. You can then use standard packet filter firewall > rules to block various ports you don't want access to from outside. It is > the Linux masquerading code that has the problem, regular NAT works just > fine. The "ip neigh {add|del|change|replace} ..." sequence? > Problem is that it burns another external IP address. Um... not good. - -- - ---------------------------------------------------------------------- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5149C/ZTSZFDeHPwRAp8QAKDGcGvOFTEyuRorf10sFplLyQK1vwCeKSVL XQNRB4nEBvbfWemVJtfKeb4= =CiCq -----END PGP SIGNATURE-----