Kernel 2.4 and IPMASQ

Remember when I mentioned kernel 2.4? I had hoped we'd get this book wrapped up and in your hands before 2.4 hit the streets. Alas, it was not meant to be. The good news is that kernel 2.4 will be happy with your old ipchains rules!

Netfilter is the name of the kernel 2.4 ipchains-equivalent, and it's a complete rewrite of the old stuff. It's generally just cooler. Here's what I've learned from various documentation. The pros are huge (and I stole this list from the IP-Masquerade-HOWTO):

· Offers TRUE 1:1 NAT functionality for those who have TCP/IP subnets to play with.
· Built-in PORT Forwarding, which makes IPMASQADM no longer required.
· The new built-in PORTFWing ability works for both external and internal traffic. This means that users using PORTFW for external traffic and REDIR for internal redirection don't have to use two tools any more!
· Full policy-based routing features (source-based TCP/IP address routing).
· Compatible with the Linux FastRoute feature for significantly faster packet forwarding (aka Linux network switching).
· Fully supports TCP/IP v4, v6, and even DECnet (ack!).
· Supports wildcard interface names like ppp* for PPP0, PPP1, etc.
· Supports filtering on both input and output INTERFACES.
· Ethernet MAC filtering.
· Denial-of-Service (DoS) packet rate limiting.
· Very simple and generic Stateful-like inspection functionality.
· Packet REJECTs now have user-selectable return ICMP messages.
· Variable levels of logging (different packets can go to different SYSLOG levels).

The only real con is that it is so new that most of the ip_masq modules haven't yet been ported, so cuseeme, icq, irc, realaudio, quake, and vdolive won't work yet. This isn't really the end of the world, however. Documentation is hard to come by, and even though kernel 2.4 is fully accepted, I have this to say: Run kernel 2.2.19 or later on your firewall. Don't upgrade to the kernel 2.4 series until all the little modules you need to use have been ported. If you just must run it, however, then you can get information from http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO.html.
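To make the feature list concrete, here is the classic ipchains-era masquerading setup expressed as kernel 2.4 netfilter rules with iptables. This is an added example, not code from the book or the HOWTO; it assumes a dial-up link on ppp0 (matched with the wildcard, which iptables spells ppp+ rather than ppp*), a LAN of 192.168.1.0/24 on eth1, and an internal web server at 192.168.1.10 that previously needed ipmasqadm portfw.

```sh
#!/bin/sh
# Added example (not from the book): ipchains-style masquerading redone as
# kernel 2.4 netfilter rules.  Assumed names: external link ppp+ (any ppp
# interface), LAN 192.168.1.0/24 on eth1, internal web server 192.168.1.10.
# Set IPT=echo (or pass "dry-run") to print the rules instead of loading them.
IPT=${IPT:-iptables}
EXT_IF="ppp+"            # iptables spells the wildcard ppp+, not ppp*
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"
WEB_SERVER="192.168.1.10"

build_masq_rules() {
    # Flush the chains/tables we are about to populate.
    $IPT -F FORWARD
    $IPT -t nat -F

    # Masquerade LAN traffic leaving any ppp link (the old ipchains -j MASQ).
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE

    # Built-in port forwarding replaces ipmasqadm portfw: inbound TCP/80 on
    # the external link is rewritten to the internal web server.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "${WEB_SERVER}:80"

    # Stateful-like inspection: replies and related packets get back in;
    # anything else arriving from outside must match an explicit rule.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -p tcp -d "$WEB_SERVER" --dport 80 \
        -m state --state NEW -j ACCEPT

    # Rate-limited logging at a chosen syslog level, then a REJECT with a
    # user-selected ICMP message instead of a silent drop.
    $IPT -A FORWARD -m limit --limit 5/minute \
        -j LOG --log-level warning --log-prefix "FWD-REJECT: "
    $IPT -A FORWARD -j REJECT --reject-with icmp-port-unreachable
}

case "${1:-}" in
    apply)   build_masq_rules ;;              # load into the kernel (as root)
    dry-run) IPT=echo; build_masq_rules ;;    # only print the rules
esac
```

Run it with `dry-run` first to review the generated rules; `apply` loads them and also assumes IP forwarding has been enabled in /proc/sys/net/ipv4/ip_forward.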

Multitool Linux: Practical Uses for Open Source Software
ISBN: 0201734206
Year: 2002
Pages: 257