On Thu, Aug 23, 2001 at 09:39:02PM -0400, Mike McGuire wrote: > > I'm using package 'ipmasq' for starting / stopping firewall and I've not seen > > it loads a separated module for activating this functionality. > > eh. This is just a guess, but I'm guessing that the ipmasq program > uses the standard firewall rules to do masquerading. Or you can do > a kernel compile and enable the module / option for masquerading in > the kernel. There shouldn't be any real difference between them, > other than with the kernel support a simple rule would do the job > without needing the ipmasq package, and might be slightly faster. Bzzzt. ipmasq (the package) is simply a collection of SCRIPTS that, depending on which kernel you have installed, enables IP Masquerading via ipchains, iptables, or ipfwadm (whatever the 2.0 stuff was called). The ipmasq package does _not_ include any modules or other code which actually does the masquerading (since htat's the job of the kernel. IIRC, a potato install leaves you with a kernel that does have ipchains support; however, I always recommend compiling a custom kernel, especially if you're manipulating packets. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:nnorman@micromuse.com | -- Patton
Attachment:
pgpJDFuIJ4NOr.pgp
Description: PGP signature