kernel with ip_nat_h323
Hi
I run a NAT router to a network of ~100 computers with a connection of
512kb. The box is woody, on 486DX100/28MB RAM
I currently still use kernel 2.2 (all the problems with kernel 2.4 scared
me, and besides, NAT does provide a poor-man's stateful filtering, at
least against the bad guys in the internet).
Anyway, one of the requirements from this box was to masquerade netmeeting
calls properly. On 2.2 there is a beta-quality module for that, which
generally works. However lately (ever since the upgrade to 2.2.20 ?) I
have experinced occsional freezes of this box, which required a hard
reboot. I noticed some activity from this module in the system logs a bit
before the times of most of the crashes, but it is nothing I can be sure
of, and I have no time to chase this bug on my own.
It seems that there is a patch for adding this support for kernel 2.4
(read: a beta quality code, in a not-yet-tried-and-tested-enough kernel
base). But this one is being actively developed, so I hope that I won't be
alone should troubles arise.
I'm now trying to build a kernel package[1] that will include this patch.
>From the documentation in the netfilter site
(http://www.netfilter.org/documentation/FAQ/netfilter-faq-1.html#ss1.5 ) I
should get the latest patch from their CVS and then use some procedure to
apply their patches.
This all spells too much "bleeding edge" to me. I also had problems
applying those patches on kernel 2.4.17. Has anybody got this
configuration built and working for some time (with a resonably recent 2.4
kernel)?
[1] I would rather build a kernel package, because then it would be easier
to build it on a seperate build machine and copy to the firewall box, but
it is not a must.
Also: Any ideas if this machine is strong enough to handle the expected
load with netfilter? See its configuration at the beginning of the
message.
--
Tzafrir Cohen /"\
mailto:tzafrir@technion.ac.il \ / ASCII Ribbon Campaign
Taub 229, 972-4-829-3942, X Against HTML Mail
http://www.technion.ac.il/~tzafrir / \
Reply to: