Re: IP Firewalling/Redirect

Major'Trips' (major@jimco-fwt.com)
Tue, 5 Jan 1999 17:15:44 -0600


On Wed, Jan 06, 1999 at 09:53:20AM +1100, John Newnham wrote:
> In article <19990103234550.A3743@jimco-fwt.com> you write:
> > On Sun, Jan 03, 1999 at 05:50:38AM -0600, Major'Trips' wrote:
> > > Problems came when I tried to ping/telnet, etc. (use anything
> > > other than nslookup). The request would hang and I would get back
> > > something to the aspect of "host not found" after a timeout period.
> ...
> > Thusly I would recommend that upon handling a redirection on
> > the input I would think the output of that port would need to
> > be translated in some way to perform a truly transparent
> > feature.
>
> UDP is a datagram protocol. It does not form a virtual circuit.
>
> TCP is a connected protocol. It _does_ form a circuit, as soon as
> the connection is made. The circuit carries data in both directions.
>
> You have redirected the UDP traffic flowing in one direction.
> You have _not_ redirected the UDP traffic flowing in the other
> direction.
>
> Things are working exactly as they are designed to work.
>
> bfn,
>
> ashtray

I was not aware that redirection could occur on the outbound
rule. Actually, looking at the documentation I don't see that
it can.

-- 
   "Reality is what you can get away with!"
                      ++Robert Anton Wilson
   Major'Trips'
   E-Mail   : shadow@cyberwizards.com || major@jimco-fwt.com
