Re: Iptables FW under 2.4.0-test11

To: Giacomo Mulas <gmulas@ca.astro.it>
Cc: debian-firewall@lists.debian.org
Subject: Re: Iptables FW under 2.4.0-test11
From: S.Salman Ahmed <ssahmed@pathcom.com>
Date: Tue, 26 Dec 2000 05:26:17 -0500
Message-id: <14920.29257.320380.731028@gargle.gargle.HOWL>
Reply-to: ssahmed@pathcom.com
In-reply-to: <14920.16723.769630.374827@gargle.gargle.HOWL>
References: <000f01c06a65$add78e00$683e68d5@oak> <Pine.LNX.4.21.0012211407500.17850-100000@capitanata.ca.astro.it> <14920.16723.769630.374827@gargle.gargle.HOWL>

>>>>> "SSA" == S Salman Ahmed <ssahmed@pathcom.com> writes:
    SSA>  What iptables config option causes this problem ? 
    SSA> 

To answer my own question, the CONFIG_IP_NF_CONNTRACK=y option is the
one that causes the problem. My firewall has to be setup as a
masquerdaing FW, and in 2.4.0 NAT cannot be used without this option
enabled. So I can't use NAT in 2.4.0 with this option disabled.

I tried the 2.4.0-test13-pre4 which is supposed to have the fix for this
netfilter bug, but "ping -s 65000 localhost" still locks my system
hard.

I have gone back to 2.2.18+ipchains until this netfilter problem is more
reliably solved. Thanks for the info Giacomo.

-- 
Salman Ahmed
ssahmed AT pathcom DOT com

Reply to:

Follow-Ups:
- Re: Iptables FW under 2.4.0-test11
  - From: Giacomo Mulas <gmulas@ca.astro.it>

References:
- Re: Iptables FW under 2.4.0-test11
  - From: "Robert Davies" <Rob_Davies@NTLWorld.Com>
- Re: Iptables FW under 2.4.0-test11
  - From: Giacomo Mulas <gmulas@ca.astro.it>
- Re: Iptables FW under 2.4.0-test11
  - From: S.Salman Ahmed <ssahmed@pathcom.com>

Prev by Date: Re: Iptables FW under 2.4.0-test11
Next by Date: Re: Iptables FW under 2.4.0-test11
Previous by thread: Re: Iptables FW under 2.4.0-test11
Next by thread: Re: Iptables FW under 2.4.0-test11
Index(es):
- Date
- Thread