Re: stateless 1:1 NAT

2007-11-09 Thread Florin Andrei
Herbert Xu wrote: Florin Andrei <[EMAIL PROTECTED]> wrote: OK, if I download 2.6.24-rc1, will it have this feature already? Yes. OK, I want to test this feature with 2.6.24-rc2. I compiled iproute2-2.6.23 with your patch applied. The problem is, I have no experience with tc (and very little

Re: stateless 1:1 NAT

2007-10-26 Thread Florin Andrei
Patrick McHardy wrote: Florin Andrei wrote: OpenBSD 4.1 as a firewall fails even worse in this test case (it freezes instantly). OpenBSD 4.2 works fine under the UDP flood, as if nothing happened. And Linux 2.6.23? :) Same as 2.6.18, actually maybe a little bit worse than .18: the current

Re: stateless 1:1 NAT

2007-10-24 Thread Herbert Xu
Florin Andrei <[EMAIL PROTECTED]> wrote:
> OK, if I download 2.6.24-rc1, will it have this feature already?

Yes.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.o

Re: stateless 1:1 NAT

2007-10-24 Thread Florin Andrei
Herbert Xu wrote: Florin Andrei <[EMAIL PROTECTED]> wrote: I've heard that stateless 1:1 NAT will be possible with the upcoming 2.6.24 kernel. I'd like to test that feature, but I'm not sure when it will actually be included. Will it be present in the release candidates for 2.6.24? I just need

Re: stateless 1:1 NAT

2007-10-17 Thread Herbert Xu
Florin Andrei <[EMAIL PROTECTED]> wrote:
> Is it going to be possible to combine stateless 1:1 NAT with stateful
> filtering?

It is but it's pointless unless you can somehow enumerate the bad guys (or a superset of them) and redirect them to NOTRACK.

Cheers,

Re: stateless 1:1 NAT

2007-10-17 Thread Florin Andrei
Patrick McHardy wrote: And Linux 2.6.23? :) Alright, I get it. :-) Building kernel 2.6.23.1 as we speak. -- Florin Andrei http://florin.myip.org/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://v

Re: stateless 1:1 NAT

2007-10-17 Thread Patrick McHardy
Florin Andrei wrote: So here's the thing I'm trying to solve. Gigabit network. Dual homed firewall, doing 1:1 NAT for a bunch of web servers. Some protocols are allowed inbound to the servers (the external, NATed addresses). Firewall is running CentOS 5 (kernel 2.6.18) I run pktgen on a test

Re: stateless 1:1 NAT

2007-10-17 Thread Florin Andrei
Herbert Xu wrote: Florin Andrei <[EMAIL PROTECTED]> wrote: I've heard that stateless 1:1 NAT will be possible with the upcoming 2.6.24 kernel. I'd like to test that feature, but I'm not sure when it will actually be included. Will it be present in the release candidates for 2.6.24? I just need

Re: stateless 1:1 NAT

2007-10-16 Thread Herbert Xu
Florin Andrei <[EMAIL PROTECTED]> wrote:
> I've heard that stateless 1:1 NAT will be possible with the upcoming
> 2.6.24 kernel.
> I'd like to test that feature, but I'm not sure when it will actually be
> included. Will it be present in the release candidates for 2.6.24?
> I just need a somewhat