Hello Paul,
Friday, January 11, 2008, 1:06:54 AM, you wrote:
> Paul S wrote:
>> Is wiki user speculatrix on these lists? I'd like to discuss
>>changes made to AngstromManual.
> yes, guilty as charged
Ok, I'm glad we now know who's who ;-).
> On 10/01/2008, Koen Kooi <[EMAIL PROTECTED]> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Paul Sokolovsky schreef:
>> | Hello,
>>
>> | + NAT all outgoing traffic to the internet (eth0 would be the external
>> interface):
>> | + {{{
>> | + iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>> | + echo "1" >/proc/sys/net/ipv4/ip_forward
>> | + }}}
>> | +
> this is the form I have ALWAYS seen until I saw the angstromanual wiki
> do masq'ing on the basis of source addresses!
> not only that, it's the most useful form especially if you have a
> multi-homed gateway with a lot of rfc1918 networks behind it. for
> example, I have a cat5 wired network, a bluetooth pan network, some
> bluetooth rfcomm/ppp (for Palm PDA) and a wireless network (which is
> highly isolated from the others). In this case, masquerading on the
> outbound interface is
> 1/ easy to do
> 2/ easy to understand
> 3/ isn't affected if you do funky internal subnetting
Well, multi-homed setup was exactly my concern. User need to know
details of this setup and which interface to use for masquerading. On
the other hand, doing it by source address doesn't require external
info, just to substitute IP address used for handheld (and that's
in user's current focus anyway).
> if you want to simplify it, delete the one based on source addresses!
But well, if you think that form is better, let it be that way. So,
feel free to delete the other one, or I'll do that next time I edit.
> Paul
--
Best regards,
Paul mailto:[EMAIL PROTECTED]
_______________________________________________
Angstrom-distro-users mailing list
[email protected]
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/angstrom-distro-users
