You can find a new version of ipfwadm, 2.0beta2, on ftp.xos.nl:
ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.0beta2.tar.gz
This version *needs* Linux 1.3.66 or newer. It now supports
matching with interface names (like "eth0"), besides matching
with interface addresses.
Note that Linux 1.3.66 on its turn also needs 2.0beta2: sorry
for the incompatibilities, but it's worth the pain, I hope
(2.0beta1 works only with kernels 1.3.61 - 1.3.65).
For those of you using IP masquerading: this will work again
on 1.3.66 (it was broken in a few kernel releases) when you
apply a small patch to the 1.3.66 tree:
========================CUT HERE=======================
--- net/ipv4/ip_fw.c.MASQERR Sat Feb 17 17:42:40 1996
+++ net/ipv4/ip_fw.c Sat Feb 17 18:27:04 1996
@@ -905,7 +905,7 @@
}
else ms->timer.expires = jiffies+MASQUERADE_EXPIRE_TCP;
- skb->csum = csum_partial(th + 1, size - sizeof(*th), 0);
+ skb->csum = csum_partial((void *)(th + 1), size - sizeof(*th), 0);
tcp_send_check(th,iph->saddr,iph->daddr,size,skb);
}
add_timer(&ms->timer);
@@ -1011,7 +1011,7 @@
#endif
}
}
- skb->csum = csum_partial(portptr + sizeof(struct tcphdr),
+ skb->csum = csum_partial((void *)(((struct tcphdr *)portptr) + 1),
size - sizeof(struct tcphdr), 0);
tcp_send_check((struct tcphdr *)portptr,iph->saddr,iph->daddr,size,skb);
}
========================CUT HERE=======================
You can also find this patch on our ftp site:
ftp://ftp.xos.nl/pub/linux/ipfwadm/patch-1.3.66-masq
-- -- Jos Vos <jos@xos.nl> -- X/OS Experts in Open Systems BV | Phone: +31 20 6938364 -- Amsterdam, The Netherlands | Fax: +31 20 6948204