On Tue, Feb 22, 2000 at 10:31:41PM -0800, Joey Hess wrote:
> Jeff Sheinberg wrote:
> > so, how does your new scheme cleanly handle, in my case,
> > everything that I need to do to setup masquerading properly?
>
> I just converted over to using the new method, via stanza's like this:
>
> iface eth0:0 inet static
>     address 63.193.116.241
>     netmask 255.255.255.0
>     gateway 63.193.116.254

(Note that this is for a default gw)

>     echo 1 >/proc/sys/net/ipv4/ip_always_defrag
      ^^^

You probably want `up echo..' there.

>     up ipchains -P forward DENY
>     up ipchains -A forward -j MASQ -s 10.0.0.0/8

And actually, the point about having /etc/network/options be part of
/etc/network/interfaces makes a certain amount of sense.

    options inet
        forwarding               # implicitly yes
        always-defragment no
        syn-cookies yes

    iface eth0 inet static
        address 1.2.3.4
        netmask 255.255.255.0
        gateway 1.2.3.1

or similar, perhaps. Hmmm.

> That seems to work. It would be nice if there was a way to easily turn on
> IP masquerading via some simple keyword. Anthony?

    apt-get install ipmasq # ?

I could do a `masquerade' option [0], I guess, but I don't want to end
up having different hardcoded options for every possibility under the sun
(``I want my smtp, bind, and http ports redirected to my firewall, so what
options do I add to /e/n/interfaces?''). There are some things general
scripts *are* better for, IMO.

Cheers,
aj

[0] Something like:

    iface eth1 inet static
        address 1.2.4.1
        netmask 255.255.255.0
        network 1.2.4.0
        option masquerade

    maybe.

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it
   results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
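
Added example, not part of the original message or of ifupdown: a small Python linter for the stanza format discussed above. It flags the command line that lacks the `up` prefix, as pointed out in the reply, and a MASQ rule with no default-deny forward policy in the same stanza. The keyword sets and the policy check are assumptions made for illustration.

```python
# Assumption: option and hook keywords as listed in interfaces(5);
# extend the sets to match the ifupdown version in use.
KNOWN_OPTIONS = {"address", "netmask", "gateway", "network", "broadcast",
                 "metric", "pointopoint", "hwaddress", "mtu", "media"}
HOOKS = {"pre-up", "up", "post-up", "pre-down", "down", "post-down"}
STANZA_STARTS = {"iface", "auto", "mapping", "source"}

# Constructed sample: the stanza quoted in the message, unchanged.
SAMPLE = """\
iface eth0:0 inet static
    address 63.193.116.241
    netmask 255.255.255.0
    gateway 63.193.116.254
    echo 1 >/proc/sys/net/ipv4/ip_always_defrag
    up ipchains -P forward DENY
    up ipchains -A forward -j MASQ -s 10.0.0.0/8
"""

def parse_stanzas(text):
    """Return [(iface_name, [(line_no, keyword, rest), ...])] per iface stanza."""
    stanzas, current = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if key in STANZA_STARTS or key.startswith("allow-"):
            current = None  # any new stanza closes the previous iface stanza
            if key == "iface" and rest:
                current = (rest.split()[0], [])
                stanzas.append(current)
        elif current is not None:
            current[1].append((no, key, rest))
    return stanzas

def lint_interfaces(text):
    """Return (line_no, iface, message) findings for an interfaces file."""
    findings = []
    for name, lines in parse_stanzas(text):
        for no, key, _ in lines:
            if key not in KNOWN_OPTIONS | HOOKS:
                findings.append((no, name, f"'{key}' is not a known option; a command needs an 'up' prefix"))
        # Hypothetical policy check: MASQ should sit behind a default-deny forward policy.
        hooks = [(no, rest) for no, key, rest in lines if key in HOOKS]
        deny = any("-P forward DENY" in rest for _, rest in hooks)
        findings += [(no, name, "MASQ rule without 'ipchains -P forward DENY'")
                     for no, rest in hooks if "-j MASQ" in rest and not deny]
    return findings

if __name__ == "__main__":
    for finding in lint_interfaces(SAMPLE):
        print(finding)
```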