
Re: Debian netbase 3.17-1 init.d scripts

On Tue, Feb 22, 2000 at 10:31:41PM -0800, Joey Hess wrote:
> Jeff Sheinberg wrote:
> > so, how does your new scheme cleanly handle, in my case,
> > everything that I need to do to set up masquerading properly?
> I just converted over to using the new method, via stanzas like this:
> iface eth0:0 inet static
> 	address
> 	netmask
> 	gateway

(Note that this is for a default gw)

> 	echo 1 >/proc/sys/net/ipv4/ip_always_defrag
You probably want `up echo..' there.

>         up ipchains -P forward DENY
>         up ipchains -A forward -j MASQ -s

And actually, the point about having /etc/network/options be part of
/etc/network/interfaces makes a certain amount of sense.

	options inet
		forwarding            # implicitly yes
		always-defragment no
		syn-cookies yes

	iface eth0 inet static

or similar, perhaps. Hmmm.

> That seems to work. It would be nice if there was a way to easily turn on
> IP masquerading via some simple keyword. Anthony?

apt-get install ipmasq # ?

I could do a `masquerade' option [0], I guess, but I don't want to end
up having different hardcoded options for every possibility under the
sun (``I want my smtp, bind, and http ports redirected to my firewall,
so what options do I add to /e/n/interfaces?''). There are some things
general scripts *are* better for, IMO.


[0] Something like:

	iface eth1 inet static
		option masquerade


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
