RE: strange effects of DNAT in connection with policy routing

2002-06-24 Thread Sneppe Filip
Title: RE: strange effects of DNAT in connection with policy routing Martin Sperl [mailto:[EMAIL PROTECTED]] wrote: > >BUT the flow with NAT for a request to B.B.B.2 is like this: > >Machine    SRCIP  DESTIP    >GW.B   a.b.c.d    B.B.B.2 >FW-eth1    a.b.c.d    B.B.B.2

RE: strange effects of DNAT in connection with policy routing

2002-06-24 Thread Sneppe Filip
Title: RE: strange effects of DNAT in connection with policy routing Martin Sperl [mailto:[EMAIL PROTECTED]] wrote: > >We are currently experiencing strange problems with DNAT in conjunction >with policy routing and think that we have found a bug somewhere! > ... > >ip tables -t nat -I PREROU

RE: Security flaw in Stateful filtering ??????

2002-06-06 Thread Sneppe Filip
Title: RE: Security flaw in Stateful filtering ?? Yes, it's that time of the month again :-) Emmanuel Fleury [mailto:[EMAIL PROTECTED]] wrote: > >Patrick Schaaf wrote: > >> The behaviour is intentional. The reason is "connection pickup". Imagine >> a situation where the firewall reboots.

RE: [PATCH] Trivial PPTP conntrack typo fix (was: RE: ip_nat_pptp)

2002-04-23 Thread Sneppe Filip
Title: RE: [PATCH] Trivial PPTP conntrack typo fix (was: RE: ip_nat_pptp) Hi Harald, A little more feedback on the gre/pptp conntracker: - There is still a minor problem with the pptp nat helper:   "modprobe ip_nat_pptp" doesn't trigger the automatic loading   of ip_nat_proto_gre, and it wo

[PATCH] Trivial PPTP conntrack typo fix (was: RE: ip_nat_pptp)

2002-04-18 Thread Sneppe Filip
i Apr 19 04:24:43 2002 @@ -1,5 +1,5 @@  # connection tracking helpers -obj-$(config_ip_nf_pptp) += ip_conntrack_pptp.o +obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o  ifdef CONFIG_IP_NF_NAT_PPTP     export-objs += ip_conntrack_pptp.o  endif -Original Message- From:   Sneppe Filip

RE: [PATCH] Quake III Arena conntracker

2002-04-04 Thread Sneppe Filip
Title: RE: [PATCH] Quake III Arena conntracker Brad Chapman wrote: > >   OK. I understand this analysis, but to me, it doesn't explain why >this conntracker is needed. AFAICT on my system, everything is handled by >the basic UDP conntrack code. Could you explain it a little better, please

RE: [PATCH] Quake III Arena conntracker

2002-04-04 Thread Sneppe Filip
Title: RE: [PATCH] Quake III Arena conntracker Harald Welte wrote: > >I see. So now you can open only *.*.*.*:* -> master_server:27950 >and all other stuff will be RELATED. > Exactly. >> One more thing: since all traffic is originated by the client, >> I did not write a NAT module, since im

RE: UPNP Server/Application Gateway for Linux

2002-04-04 Thread Sneppe Filip
Title: RE: UPNP Server/Application Gateway for Linux Patrick Schaaf wrote: > >I don't know about RDP. > FYI there is an open source implementation of an MS Terminal Services client at www.rdesktop.org. That would be a good starting point to look for documentation on RDP. Regards, Filip

RE: Port of TFTP helper to newnat API

2002-03-26 Thread Sneppe Filip
Title: RE: Port of TFTP helper to newnat API Harald Welte wrote: > >I've done a minimal port of the tftp helper to the newnat API. > >It's now in patch-o-matic > >Please review the code and test! Hi, (This question is not really newnat related, just something about the TFTP helper) Why is