Re: AW: ipmasq support in potato kernel

To: Debian Userlist <debian-user@lists.debian.org>
Subject: Re: AW: ipmasq support in potato kernel
From: Nathan E Norman <nnorman@micromuse.com>
Date: Thu, 23 Aug 2001 22:23:30 -0500
Message-id: <[🔎] 20010823222330.C13606@micromuse.com>
Mail-followup-to: Debian Userlist <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20010823231109.A3020@spoon>
References: <[🔎] 001501c12bd0$548e7a20$100aa8c0@macron.at> <[🔎] 19222087510.20010823160734@pitpalme.de> <[🔎] 20010823213902.A1816@spoon> <[🔎] 20010823213159.B13606@micromuse.com> <[🔎] 20010823231109.A3020@spoon>

On Thu, Aug 23, 2001 at 11:11:09PM -0400, Mike McGuire wrote:
> On Thu, Aug 23, 2001 at 09:31:59PM -0500, Nathan E Norman wrote:
> >
> > [my garbage snipped]
> > 
> > Bzzzt.
> > 
> > ipmasq (the package) is simply a collection of SCRIPTS that, depending
> > on which kernel you have installed, enables IP Masquerading via
> > ipchains, iptables, or ipfwadm (whatever the 2.0 stuff was called).
> > The ipmasq package does _not_ include any modules or other code which
> > actually does the masquerading (since htat's the job of the kernel.
> 
> 
> eh. That's what I meant, I think. :)  Start again:
> 
> ipmasq uses the standard kernel support of ip(fwadm|chains|tables) to 
> do the same thing as the special kernel masquerading module for ip$1. 
> 
> That's a lot clearer, and more concise, than the mess I originally 
> posted, at least if you can understand the pseudo-regexps. :) The 
> conclusions still stand, though:
>   1) the result is the same

No.

>   b) IF you have the special superFOO deluxe masquerading module in 
>         the kernel THEN you don't need ipmasq, and 

You're looking at it backwards.  If you install ipmasq (the package),
your kernel must have firewalling support compiled in.  Otherwise the
ipmasq package is useless.

Of course, you don't _need_ to install ipmasq to use the functionality
you've compiled into the kernel; it just makes it easier.

> iii) the module should be faster. or it might play "Yankee Doodle" 
>         through the PC speaker when someone uses SSH.

NO.

> > IIRC, a potato install leaves you with a kernel that does have
> > ipchains support; however, I always recommend compiling a custom
> > kernel, especially if you're manipulating packets.
> 
> Same here. If it's faster, and I expect it would be, that's better. 
> Of course, if you're just masqing one box over a modem, I doubt it 
> would make a difference. But compiling kernels is fun. :)

I don't understand what you're on about with this "faster" stuff.  IP
Masq support in the kernel is ip masq support.  It doesn't work
automatically; you have to configure it.  The ipmasq package does
exactly that.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton

Attachment: pgpqWSAvGN537.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: AW: ipmasq support in potato kernel
  - From: Mike McGuire <mjm19@po.cwru.edu>

References:
- AW: ipmasq support in potato kernel
  - From: "Andreas Leitner" <aleitner@macron.at>
- Re: AW: ipmasq support in potato kernel
  - From: Peter Palmreuther <lists@pitpalme.de>
- Re: AW: ipmasq support in potato kernel
  - From: Mike McGuire <mjm19@po.cwru.edu>
- Re: AW: ipmasq support in potato kernel
  - From: Nathan E Norman <nnorman@micromuse.com>
- Re: AW: ipmasq support in potato kernel
  - From: Mike McGuire <mjm19@po.cwru.edu>

Prev by Date: Re: AW: ipmasq support in potato kernel
Next by Date: BTC-1831 Sound Card (Opti 1688)
Previous by thread: Re: AW: ipmasq support in potato kernel
Next by thread: Re: AW: ipmasq support in potato kernel
Index(es):
- Date
- Thread