9 May 2001, 10:20
IMHO a packet filter like ipchains can only decide what to do with a packet by looking at this very packet. So if you get a packet without the SYN flag set from somewhere to, say, port 61500, how can ipchains know if it's a response to a masqueraded request or a response to a request from a local app using this port?

It is not decided by ipchains, but by the kernel. The kernel knows the masqueraded connections, and can therefore differentiate between local and masqueraded connections.
hth
Markus
--
_____________________________  /"\
Markus Gaugusch  ICQ 11374583  \ /  ASCII Ribbon Campaign
markus@gaugusch.dhs.org         X   Against HTML Mail
                               / \
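The lookup described in the message above, as an added example that is not part of the original post and is not kernel code: a simplified C model in which a reply to port 61500 is matched against a table of masqueraded connections, and only a full-tuple hit is rewritten and forwarded inside. All struct and function names are hypothetical, and the addresses and table entry are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One masqueraded connection as the gateway remembers it (illustrative layout). */
struct masq_entry {
    uint8_t  proto;                      /* 6 = TCP, 17 = UDP */
    uint32_t remote_ip;                  /* outside peer */
    uint16_t remote_port;
    uint16_t masq_port;                  /* port allocated on the gateway */
    uint32_t inside_ip;                  /* original internal client */
    uint16_t inside_port;
};

struct packet {
    uint8_t  proto;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
};

enum verdict { DELIVER_LOCAL, FORWARD_INSIDE };

/* Constructed state: 192.168.1.10:1025 -> 198.51.100.7:80 via gateway port 61500. */
static const struct masq_entry masq_table[] = {
    { 6, 0xC6336407u, 80, 61500, 0xC0A8010Au, 1025 },
};

/* Match on protocol, remote address/port and gateway port, not on the port alone.
 * Hit: rewrite the destination to the inside host. Miss: leave it for local sockets. */
enum verdict demasquerade(struct packet *p)
{
    for (size_t i = 0; i < sizeof masq_table / sizeof masq_table[0]; i++) {
        const struct masq_entry *e = &masq_table[i];
        if (e->proto == p->proto && e->remote_ip == p->src_ip &&
            e->remote_port == p->src_port && e->masq_port == p->dst_port) {
            p->dst_ip = e->inside_ip;
            p->dst_port = e->inside_port;
            return FORWARD_INSIDE;
        }
    }
    return DELIVER_LOCAL;
}

int main(void)
{
    /* Constructed reply from the masqueraded peer to gateway 203.0.113.1:61500. */
    struct packet r = { .proto = 6, .src_ip = 0xC6336407u, .src_port = 80,
                        .dst_ip = 0xCB007101u, .dst_port = 61500 };
    printf("%s\n", demasquerade(&r) == FORWARD_INSIDE ? "forward" : "local");
    return 0;
}
```

A packet to the same port from any other peer misses the table and is left for the local stack, which is the distinction a per-packet filter rule cannot make on its own.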