Re: AW: ipmasq support in potato kernel
On Thu, Aug 23, 2001 at 09:31:59PM -0500, Nathan E Norman wrote:
>
> [my garbage snipped]
>
> Bzzzt.
>
> ipmasq (the package) is simply a collection of SCRIPTS that, depending
> on which kernel you have installed, enables IP Masquerading via
> ipchains, iptables, or ipfwadm (whatever the 2.0 stuff was called).
> The ipmasq package does _not_ include any modules or other code which
> actually does the masquerading (since htat's the job of the kernel.
eh. That's what I meant, I think. :) Start again:
ipmasq uses the standard kernel support of ip(fwadm|chains|tables) to
do the same thing as the special kernel masquerading module for ip$1.
That's a lot clearer, and more concise, than the mess I originally
posted, at least if you can understand the pseudo-regexps. :) The
conclusions still stand, though:
1) the result is the same
b) IF you have the special superFOO deluxe masquerading module in
the kernel THEN you don't need ipmasq, and
iii) the module should be faster. or it might play "Yankee Doodle"
through the PC speaker when someone uses SSH.
> IIRC, a potato install leaves you with a kernel that does have
> ipchains support; however, I always recommend compiling a custom
> kernel, especially if you're manipulating packets.
Same here. If it's faster, and I expect it would be, that's better.
Of course, if you're just masqing one box over a modem, I doubt it
would make a difference. But compiling kernels is fun. :)
TMTOWTDI, YMMV, HTH, HAND, etc. :)
Mike McGuire
Reply to: