On Mon, 11 Feb 2002 01:59, Charlie Brady wrote: > On Sun, 10 Feb 2002, Brad Hards wrote: <snip> > > 2. (much more importantly) Don't assume that just because you needed > > extra modules with ipchains that you will also need one with iptables. > > What (exactly) is it that you think that you need and don't have? > > This was all covered earlier in the thread. See > http://www.e-infomax.com/ipmasq/matrix24.html for specifics. I remain unconvinced. That site is "last updated 2000", and also contains this: "It is worth noting that 2.4.x kernels might just WORK where as 2.0.x and 2.2.x kernels required special modules. Please report back to us of your findings on 2.4.x kernel. Please see the Description/Notes section for availability of 2.4.x modules."
A bit of google showed some other sites (nothing very authoritative, so you get to do this yourself) that reported variable successes. So this is going to need some serious application support testing. Also (to badly quote Rusty from a talk he gave last Wednesday), "don't do it in the kernel if you don't have to". Netmeeting looks like one of the key applications that might or might not need extra NAT support. Even if it doesn't work in a vanilla 2.4 kernel, kernel modules might not be the right idea (since IIRC, you wouldn't be able to netmeeting direct from one client behind a SME G+S to a client behind another G+S). Maybe part of the upgrade to 2.4 should include "is there another way to do it" - in this particular case a H.323 gatekeeper (eg. http://openh323proxy.sourceforge.net/) might make more a more productive system, without concern for kernel version. Brad -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
