Re: NAT iptables routing issue, flamewar solution.
On 9 Jul 2004, Mike Mestnik wrote:
> for email@example.com
> Does anyone have a Debian Firewall site? We may wish to have a HOWTO
> and FAQ about this subject. There is lots of info and security issues
> that could populate this site. I would be willing to select what info
> should be on this site, correct wording, and alert web staff of
> problems. This would mainly consist of copying the list so that the
> info can easily be changed without everyone having to update their
Isn't that what the public list archive is for? Most people search the
archives, and with google, before posting, and that turns up solutions
most of the time.
If you really want to produce additional documentation, a Debian Network
Administration manual, or even a replacement for the long-dead Linux
Network Administration Guide would be good.
> This topic affects many ppl and has several working solutions. It's clear
> that no one solution will ever win and that Debian should directly support
> these configs.
Debian does support all of the options for managing NAT onto the same
physical network. If it didn't, it would be easier to answer people with
either "can't be done", or "this is the only way." :)
> 1. There should be a HOWTO and FAQ instead of flames on this list. Simply
> because no one person is an expert on every solution. It's simpler to say
> RTFH and provide a URL than to re-explain how a NIC (22nd century wheel)
This seems like a very odd statement to me. I don't know what "flames"
you saw on the list, but all the responses to this question were
perfectly civil and helpful.
Also, you will note that the majority of list participants did not, in
fact, respond to this question. This would be because they had nothing
to add to the discussion -- because, as you say, no one is an expert in
That said, if you feel that any topic is important enough, feel free to
write up a page on your website and post a URL. I know a number of
people who have done exactly that, on topics such as Unix Permissions,
because they so often answer that question...
> 2. This means that helper programs that set up NAT should allow the user to
> choose what solution he is willing to use (as a wishlist bug).
This is, for all the tools I have worked with, possible, but...
> Any NAT helper that simply leaves this broken setup has a bug (normal
> or greater) that needs fixing.
...what you propose here is that they *automatically* solve the problem.
Since this is an uncommon problem, and there is *no* "right" solution in
all cases, having any tool try to automate a fix for it is asking for
There is, of course, no reason why you can't file the bug you talk about
here, and if you supply a good patch to the developer it should get
added without any trouble, I expect.
 ...or maybe someone will tell me this is still maintained?
Nature provides a free lunch, but only if we control our appetites.
-- William Ruckelshaus, _Business Week_, 18 June 1990