0.1.7 success and failure
Paul Rusty Russell
Paul.Russell@rustcorp.com.au
Thu, 09 Sep 1999 16:20:55 +0930
In message <Pine.LNX.4.10.9909060921510.539-100000@wr5z.localdomain> you write:
> netfilter 0.1.7 finally compiles (modulo the previously noted one-line
> patch) and runs but has some problems. Doing an insmod ipchains.o as
> mentioned in the howto works, and the ipchains rules can be inserted as
> expected. However, netscape 4.6 performance from a masqueraded machine
> on the home lan (a Win98 box) is extremely poor.
Hmm, this is wierd. Define `extremely poor'. Long delays looking up
new sites (implies a DNS problem)? Long delays retrieving new pages
(implies a connection setup problem)? Slow throughput downloading
large files (implies a continuous problem)...
> I'm getting the
> following messages in /var/log/messages:
> Sep 6 08:19:44 wr5z kernel: ip_fw: packet drop due to netlink failure
Yeah, my patch for when CONFIG_NETLINK_DEV was not set was bogus.
Remove the net_ratelimit & printk lines from ipchains_core.c for the
moment: 1.0.8 fixes this.
Thanks,
Rusty.
--
Hacking time.