Re: SNAT or MASQUERADE?
> > SNAT would be. However, you better make sure that each time the IP
> > address of your interface changes, your firewall script runs. You
> > could do this in Debian by putting your firewall script in
> > /etc/ppp/ip-up.d/. But also please keep in mind that your firewall
> > rules should be put in place *before* any external interfaces are
> > brought on-line.
> Isnt this assuming that the internet connection uses ppp?
> Cablemodem, for instance, doesnt use ppp at all - a fact that seems to
> have escaped the maintainer of the dhcpcd package too. How would one
> solve this problem in the case of cablemodem?
Cable uses an ethernet interface - check out the debian commands
ifup and ifdown and the config file /etc/network/interfaces - in
particular the pre-up and post-down fields.
You shouldn't need dhcpd for cable - dhclient is sufficient.
Don't be scared by cable companies calling their IP addresses
"dynamic". The fact is that DHCP allocates IP addresses based
on a hash of your MAC address. As long as your box is up most
of the time (and with Linux why wouldn't it be) you're IP address
won't change. I've had the same IP address since I was connected
3 months ago. Before that I was with another cable provider for
4 months - again same IP address the whole time.
Paul Haesler email@example.com