
Re: default firewall utility changes for Debian 11 bullseye



On Wed, 31 Jul 2019 at 15:46:39 +0100, Wookey wrote:
> What is the modern equivalent of 'ipmasq'? I still miss this tool on a
> regular basis and loved what it did. I have not found a replacement
> and forever end up looking up runes on the net and doing it by hand
> with iptables. ('it' being setting up my machine to listen on
> one interface (e.g. to a dev board) and forward everything to/from the
> real internet (wifi or ethernet)).

Perhaps not the answer you were looking for or expecting, but:
NetworkManager?

Configure your uplink connection, e.g. wifi, as you usually would, then
configure the interface that points to your dev board with method=shared
in the [ipv4] section. In nm-connection-editor that's spelled "Shared
with other computers"; other GUIs may vary (and simpler UIs for
NetworkManager, like the one in GNOME Shell, don't necessarily offer that
option). See nm-settings(5) for details.

Or if you prefer fewer GUIs, systemd.network(5) networks can be configured
with IPMasquerade=yes and IPForward=ipv4, which enables routing according
to the routing table (and is documented as not implying any firewalling,
so add a firewall if the policy you want is not "any interface relays
to any other interface").

> Nor firewalld - perhaps it would do what I want?

firewalld is really for firewalling, and not for the various other things
that share the netfilter kernel interface.

    smcv
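
The firewall caveat in the message above, as an added example that is not part of the original message: an nftables forward policy that lets only the dev-board interface relay to the uplink once IPForward=ipv4 has turned routing on. The interface names `eth1` and `wlan0` and the table name `devboard_forward` are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original message).
# Assumed interface names: eth1 faces the dev board, wlan0 is the uplink.
# Masquerading itself is left to IPMasquerade=yes (systemd-networkd) or
# method=shared (NetworkManager); this file only restricts what is forwarded.

define dev_if = "eth1"
define uplink_if = "wlan0"

# Create-then-delete makes the file safe to reload without touching
# other tables (no "flush ruleset").
table inet devboard_forward
delete table inet devboard_forward

table inet devboard_forward {
    chain forward {
        # Routed (forwarded) packets only; traffic to and from the host
        # itself is not affected by this chain.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections the dev board opened.
        ct state established,related accept

        # New connections are allowed in one direction only:
        # dev board -> uplink. Everything else hits the drop policy,
        # including uplink -> dev board and any other interface pair.
        iifname $dev_if oifname $uplink_if accept
    }
}
```

Load it with `nft -f` on the file and confirm with `nft list table inet devboard_forward`; a drop policy in one forward-hook chain applies to all forwarded traffic on the host, so other routed interfaces need their own accept rules.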

