Hello, sorry for my ignorance, but could someone please explain to me the benefits of ipmasq?

Background information: Although I should have been learning yesterday, I upgraded my old little slink-based router to potato. The upgrade actually worked fine, except that the networking broke, because I was missing some kernel 2.0-related information in /etc/network/interfaces. Other than that, everything went smoothly, just as I have learned to expect from Debian.

Later, I upgraded to a 2.2.17 kernel, forgetting that ipfwadm was replaced by ipchains. I didn't have much time, so I installed the ipmasq package, in the hope that it would take care of NAT. Well, think again. For some reason it won't work smoothly with my ISDN and networking infrastructure. Right now, the only thing I need to do is restart /etc/init.d/ipmasq after booting, which is not a big deal, because the machine is not rebooted anyway.

Well, to get to the point, I looked at the infrastructure ipmasq generates and also read the documentation, and I am wondering why so much overkill is being done. Generally I like the Debian way of splitting the configuration data from the actual configuration commands in order to make the actual data more readable. The networking infrastructure (ipupdown and friends) is a great example. But isn't ipmasq a little overboard? I mean, the rule files don't even hide the actual ipchains/ipfwadm commands, they're shell scripts!

Also, in the case of firewall administration, wouldn't it be better to have _ALL_ the rules written out in one file, instead of having a separate file for (almost) every single rule, which is sourced? The latter reminds me too much of the RedHat way of configuring stuff, which I find extremely confusing. In the docs, Brian writes that he's doing it this fine-grained way so each rule can be changed individually without bothering with the rest. For one, I would argue that with firewalling the rule set should be taken into account at any time, and secondly, I would say that one big file with all the rules would be much easier to maintain.

But then again, I might simply be too stupid (err, tired) to see all the glory of ipmasq, so if someone is up to it, I'm willing to learn.

Cheers,
Viktor

--
Viktor Rosenfeld
WWW: http://www.informatik.hu-berlin.de/~rosenfel/
Geek Code (3.1): GCS/SS d-@ s+: a20 C++@ UL++$ P+ L+++ E--- W++ N++ o? K? !W O? M? V? PS++@ PE+(-) Y+ P?(+++) t+ 5+ X- R? !tv b+ DI+ D- G e>+++ h-- r- !y+

