Ira Abramov wrote:
> you know how HARD I had to press them to get MPLS?! they hate giving
> that away! it's WAY more stable and WAY more convenient, and you have
> lower latency as a bonus. pptp/pppoe and even L2TP are not my cup of
> tea.

I take it MPLS is "without a dialer"? I can't believe it's such a big deal here to change :) I must admit a week went by with nothing happening, I phoned them again and they said they'd sort it out, another week with nothing, so I decided to just stick with no dialer... you're right, it does seem somewhat more convenient... but to be honest I never had any problems with pppoe or l2tp.

> you want a firewall anyway, might as well make it a masquerading one,
> whether it connects the world with MPLS or pppoe.

well, since both my physical PCs are running Linux it's actually quite nice to not have my laptop dependent on my other PC anymore for routing, and have its own IP. My laptop is now doing masquerading for my windows virtual pc in vmware, but I'm quite happy for both the physical linux boxes to have their own connection and handle their own firewall with masquerading.

> well, I think it's worth getting another 80-100 NIS card for that on the
> one hand, but on the other hand, it's very much doable with plain
> IPTABLES. I have not used shorewall yet.

well, yes, that would easily solve my problems, but it's a bit annoying on principle... because aside from the firewall I already have the whole idea working great by just putting my one card on two different subnets. But I seem to recall that shorewall's lack of support is based on iptables limitations -- on dealing with aliased interfaces.

> how did you solve this in the end?

I didn't... as I said after 3 weeks of not being moved back to "with a dialer", I decided maybe it's not such a bad thing.

Gadi

--
Gadi Cohen aka Kinslayer <[EMAIL PROTECTED]> www.wastelands.net
Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast
KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5