[dropping individuals as recipients] Quoting Sunil Mohan Adapa (2019-07-31 17:46:44) > On 31/07/19 7:46 am, Wookey wrote: > [...] > > > > What is the modern equivalent of 'ipmasq'? I still miss this tool on > > a regular basis and loved what it did. I have not found a > > replacement and forever end up looking up runes on the net and doing > > it by hand with iptables. ('it' being setting up my machine to > > listen on one interface (e.g. to a dev board) and forward everything > > to/from the real internet (wifi or ethernet). ipmasq did agreat job > > of hiding the previous transition from ipchains to iptables. I've > > never heard of nftables which is apparently the new thing. Nor > > firewalld - perhaps it would do what I want? > > > > For those too young to know, ipmasq basically does(did - removed in > > 2009!) what the script on this page does for you: > > https://debian-administration.org/article/23/Setting_up_a_simple_Debian_gateway > > I believe this is done in firewalld by assigning the outgoing network > interface to 'external' zone and other network interfaces to > 'internal' zone. > > Alternatively, setting 'masquerade=yes' property on the zone that is > assigned outgoing network interfaces should achieve the same result.
Alternatively, using systemd-networkd (i.e. not needing firewalld or network-manager or ifupdown) you can set IPMasquerade=yes for /etc/systemd/network/*.network profiles (see "man systemd.network") of each device that should be masqueraded (that is, the _opposite_ interfaces than the ones you would flag in firewalld). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature