On 10/4/07, Florin Andrei <florin at andrei.myip.org> wrote: > These systems will be minimal installs - even less than the default > minimal that can be achieved via Anaconda, plus a couple custom > packages. Think - home-made appliances, or sorts. There will be very, > very few things running on these machines. > > The problem with kernel 2.6.18 is that netfilter has the old (I mean, > current) braindead conntrack that is loaded when NAT is used. > Now, configure pktgen full blast over a gigabit link, small UDP packets, > set it to generate random source IPs (DDoS simulation) and point it to a > Linux router with conntrack loaded, and you'll see why I can't use the > default kernel. > > Apparently there will be improvements in that regard in 2.6.23, and I've > heard that 2.6.24 will actually be able to do 1:1 NAT without conntrack. > -- > Florin Andrei As pointed out earlier, whether or not a vanilla kernel runs with no issues would depend on what else is running on the system, and there are people who have been compiling and using a newer kernel for one reason or another. You can find one such example in this CentOS forum post by Lenard who has been helping those who need to compile newer kernels: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=10001&forum=37&post_id=32063#forumpost32063 Akemi