Morris Maynard wrote:
> OK, thanks for the pointer.
> I am not trying to upset anyone here, and I want you to know that I do think
> that it's great that you are trying to collect information and make it
> available to people.
>
> However (of course there's a however!), your site has some characteristics
> in common with much of the other online material for Linux: the information
> is poorly organized;
******As pointed out, the site is not finished... but I will buy, how so?
>
> much of it is so abbreviated as to be not very useful unless you already know
> most of it;
******Agreed, this subject matter is not for the novice
> and some of it is really outdated (for example, the pointer to the
> unfortunate "diald mini-howto").
******Please read that section again, I believe you will find that I admit it
is old... but will have to suffice till such time as newer information is
available
>
> As another example, you discuss port forwarding, but don't mention the port
> forwarding modules which exist with the default distribution.
*******Which default distro? I have 22 different flavors of Linux... no two of
them are the same?
> Using these has got to be a lot simpler than trying to recompile the kernel
********Remember, this site is about firewalls and routers... Anything prior to
2.2.11 should be replaced anyway and compiled as a router and hardened.
> and acquire and learn yet *another* utility like ipmasqadm. I have yet to
> find an
> application which won't work by using these, but there is almost zero
> discussion of them anywhere - and there is no orderly or complete treatment
> of them at all.
*******Perhaps one reason would be that most of the people that I trust as
experts in this area hold ipmasqadm as the ONLY option. Others are available,
however they are mostly patched versions of older programs or have some real
problems -- the one that you seem to favor, ipautofw is reported to crash the
OS under heavy load. I have not taken any time to look into it (src code), I
understand that it does not properly check in with the newer kernels? And all
of that aside, IPCHAINS and all of this are old news... I am currently running
IPTABLES on my test systems... wait till this comes out!
> I apologize for the harshness of this post,
*****No need to
> but I am not trying to attack
> anyone. I really feel that the lack of professionalism in documenting Linux
> and its utilities is a threat to the "freeness" of the operating system. If
> we don't exert the effort to be more professional (and accurate) in the way
> we present information,
******Odd, your site -- www.maynidea.com -- is a MS dev site? Feel free to
provide any Linux material you would like and I will be happy to put it on my
site... perhaps a rewrite of that diald howto?
> corporations that will come to control Linux because
> they will control the documentation.
******"The worker, the thinker and the man of great accomplishment will not be
a slave to those who tally his deeds... But he may well be a slave to their
money"
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> KL Davis
> Sent: Wednesday, December 15, 1999 12:17 PM
> To: Morris Maynard
> Subject: Re: IP Masquerading
>
> sorry, http://www.nanux.com/labADV.html#portfwd
>
> > The URL in your post (www.nanux.xom) was incorrect. I did look at
> > www.nanux.com. I did not see any info on port forwarding there.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> KL
> > Davis
> > Sent: Tuesday, December 14, 1999 1:11 PM
> > To: Morris Maynard
> > Subject: Re: IP Masquerading
> >
> > Just wondering...
> >
> > Do you not agree with my suggestions for setting up port forwarding?
> >
> > Morris Maynard wrote:
> >
> > > Er... you may not have to *build* the port forwarding modules - in fact,
> > > probably not, if you have the RedHat 6.0 or later and did a server
> install
> > > or a custom install which included networking stuff. However, you may
> have
> > > to put "insmod" statements into some startup script (I use rc.local) to
> > get
> > > the modules loaded. The modules in question are in
> > > /lib/modules/2.2.5-15/ipv4. I load them in /etc/rc.d/rc.local as
> follows:
> > >
> > > insmod ip_masq_ftp
> > > insmod ip_masq_raudio
> > > insmod ip_masq_autofw
> > > insmod ip_masq_portfw
> > > insmod ppp_deflate
> > >
> > > echo "1" > /proc/sys/net/ipv4/ip_forward
> > > echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> > >
> > > There are other ways to load modules (see man pages for "depmod" and
> > > "modprobe" and good luck to you!). You can also re-build the kernel so
> > that
> > > some of these things are bult-in and don't need to be loaded. If this
> > turns
> > > out to be the case, you should see a warning message in your boot.log
> > file.
> > >
> > > In order to tunnel into Windows NT VPN networks, I *did* rebuild the
> > kernel
> > > after using John Hardin's PPTP patch, and then I also load these
> modules:
> > >
> > > insmod ip_gre
> > > insmod ip_masq_pptp
> > >
> > > FWIW - some of the previous messages in this thread are a good example
> of
> > > why it is often a pretty horrible task to get things working in Linux -
> > > outdated, misleading, and incorrect. We need to be more careful if we
> are
> > > going to be helpful instead of just adding to the trouble.
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Mr Cornish Rex
> > > Sent: Monday, December 13, 1999 12:14 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: IP Masquerading
> > >
> > > There are port forwarding modules in the linux kernel sources
> > > just enable them in the config and then make modules and make
> > > modules_install
> > >
> > > from there tho your on your own - I dont use them myself!
> > >
> > > On Mon, 13 Dec 1999, KL Davis wrote:
> > > > My site is far from finished, but may offer some help in setting up
> > > IPCHAINS and
> > > > the newer (kernel 2.4.x) IPTABLES... please let me know if it helps at
> > > all?
> > > > What I can do to make it bettter? I hope to have everything posted
> and
> > be
> > > > "open" by the first of the year...
> > > >
> > > > www.nanux.xom
> > > >
> > > > KL Davis
> > > >
> > > >
> > > > ****************************************
> > > >
> > > > Tim Coleman wrote:
> > > >
> > > > > On Sat, Dec 11, 1999 at 11:01:10PM -0500, Jake Colman wrote:
> > > > > > >>>>> "Mike" == Mike Jagdis <[EMAIL PROTECTED]> writes:
> > > > > >
> > > > > > >> Hello. I'd like to be able to connect throught my
> > masquerading
> > > > > > >> machine to a computer behind it. Is there any method of
> > doing
> > > this?
> > > > > >
> > > > > > Mike> Look at ipmasqadm and use either the portfw or mfw
> > modules.
> > > > > >
> > > > > > Am I missing something or is ipmasqadm NOT part of the RedHat
> > > distribution?
> > > > > > Any idea why not? Are there RPMs for it?
> > > > >
> > > > > Well, if the Red Hat distribution has a 2.2.x kernel as standard, it
> > > > > is likely that it would include ipchains, which supersedes ipmasqadm
> > > > > (and which will itself be superseded in 2.4.x).
> > > > >
> > > > > ipchains, however, does not (at least I think it doesn't) have any
> > > options
> > > > > for port forwarding, etc. So, I'm not sure what the recommended
> > > software
> > > > > to use is for forwarding. But, ipmasqadm should be downloadable off
> > of
> > > > > the Internet. I would recommend a FAQ, but I think any relevant
> ones
> > > > > are likely quite out of date by now.
> > > > >
> > > > > ttfn
> > > > >
> > > > > Tim
> > > > >
> > > > > -
> > > > > To unsubscribe from this list: send the line "unsubscribe
> linux-diald"
> > > in
> > > > > the body of a message to [EMAIL PROTECTED]
> > > >
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe linux-diald"
> > in
> > > > the body of a message to [EMAIL PROTECTED]
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe linux-diald"
> in
> > > the body of a message to [EMAIL PROTECTED]
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe linux-diald"
> in
> > > the body of a message to [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
