Re: [suse-security] Masquerading connects very slow
able to access every web site. Actually, just a short list of sites. Among those was hotmail.com. This is a big problem because there are about a dozen different IPs in use by hotmail.
Only a dozen? Try www.gmx.{de,net} ... Just specify www.hotmail.com to ipchains instead of a single IP, and ipchains will insert a rule for each IP it gets from the DNS lookup. The bunch of IPS for hotmail shouldn't change all that often, and you could re-insert the hotmail rule every so often.
One more question, I'm just dropping connection attempts to doubleclick's servers. So, the connections time out with an error message. There's a better way. Right?
Seems to work for me. Appended to the output chain. I use a reject, not deny, and netscape seems to give up after few attempts. Volker
On Wed, 20 Sep 2000, Volker Kuhlmann wrote:
Just specify www.hotmail.com to ipchains instead of a single IP, and ipchains will insert a rule for each IP it gets from the DNS lookup. The bunch of IPS for hotmail shouldn't change all that often, and you could re-insert the hotmail rule every so often.
Note: As I understand it this will require DNS to be accessable when firewall script is run. /cog
participants (2)
-
cogNiTioN
-
Volker Kuhlmann