
Benefits of ipmasq?



Hello,

sorry for my ignorance, but could someone please explain to me the
benefits of ipmasq?  

Background information: Although I should have been learning yesterday,
I upgraded my old little slink-based router to potato.  The upgrade
actually worked fine, except that the networking broke, because I was
missing some kernel 2.0-related infos in /etc/network/interfaces.  Other
than that everything went smoothly.  Just as I learned to expect it from
Debian.

Later then, I upgraded to a 2.2.17 kernel, forgetting that ipfwadm was
replaced by ipchains.  I didn't have much time, so I installed the
ipmasq package, in hope that it would take care of NAT.  Well, think
again.  For some reason it won't work smoothly with my ISDN and
networking infrastructure.  Right now, the only thing I need to do is
restart /etc/init.d/ipmasq after the booting, which is not a big deal,
because the machine is not rebooted anyway.

Well, to get to the point, I looked at the infrastructure ipmasq
generates and also read the documentation, and I am wondering, why so
much overkill is being done?  Generally I like the Debian way of
splitting the configuration data from the actual configuration commands
in order to make the actual data more readable.  The networking
infrastructure (ipupdown and friends) is a great example.  But isn't
ipmasq a little overboard?  I mean, the rule files don't even hide the
actual ipchains/ipfwadm commands, they're shell scripts!

Also, in the case of firewall administration, wouldn't it be better to
have _ALL_ the rules written out in one file, instead of having a
separate file for (almost) every single rule, which is sourced?  The
latter reminds me too much of the RedHat way of configuring stuff, which
I find extremely confusing.  In the docs, Brian writes that he's doing
it this fine-grained way, so each rule can be changed individually
without bothering with the rest.  For one, I would argue that with
firewalling the rule set should be taken into account any time, and
secondly, I would say that one big file with all the rules would be much
easier to maintain.

But then again, I might simply be too stupid (err, tired) to see all the
glory of ipmasq, so if someone is up to it, I'm willing to learn.

Cheers,
Viktor
-- 
Viktor Rosenfeld
WWW: http://www.informatik.hu-berlin.de/~rosenfel/
Geek Code (3.1):
  GCS/SS d-@ s+: a20 C++@ UL++$ P+ L+++ E--- W++ N++ o? K? !W O? M? V?
  PS++@ PE+(-) Y+ P?(+++) t+ 5+ X- R? !tv b+ DI+ D- G e>+++ h-- r- !y+



