Re: "IP Masquerading for applications"

Alan Cox (
Sun, 7 Apr 1996 12:19:55 +0100 (BST)

> The problem with it at present is it leads people to believe that it will
> always if it happens to work occasionally.

Linux 1.3.x is a DEVELOPMENT kernel release. If you don't understand what
the word "Development" means then we might as well give up now.

> There are other non-commercial solutions which can easily be used in its
> place. The "IP masquerading" is treading into the "transparent proxy"
> world and going head first.

Good. Its also wonderfully useful for a few other things like session
hijacking and the like, which to me indicates it is useful and basically
does work. Head first is fine by me so long as by 2.0 release date its
got its feet on the floor as well.

> The FTP stuff was bad enough, but to then see the same horror propogate
> to IRC - that solution is even worse than the FTP code! Either the
> person who wrote that doesn't understand how CTCP works or they're just
> plain naive.

The 1.3.x code is development - has that sunk in yet. There are several bugs
with fragment handling, receiving runt tcp frames and the like being worked
on as well as support for other protocols and keeping the state to handle
commands split across two frames (which yes could but never actually does

> Anyway, if it stays as it is, I'll just have another thing to bag Linux
> as a (and part of a) solution for firewalls with, it otherwise makes no
> difference to me :-) I just thought I'd make sure people were aware
> of how bad it was getting. Seems like I should have kept my mouth shut
> and not mentioned it!

Given your entire life is spent trying to rubbish linux and then make out
its something you hate doing not a personal vendetta I find that a bit
stretched. Rather I suspect like the edges of your mouth by now.