On Sat, Dec 05, 1998 at 03:07:22AM -0600, Fuzzy Fox wrote:
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> > 1) I don't have a static IP.  Does that actually impact my configuration?
> 
> No.  I ran masquerade on my system for about a year without any static
> IP.  I have one now, but, I'm not all that sure that there's a big
> advantage.  :)

Sorry, I didn't provide enough details.

I run pppd under Dan Bernstein's "supervise" program from his daemontools
package (http://pobox.com/~djb/daemontools.html), which automatically
restarts a program when it exits.

The net effect is that every time the connection is lost, the system
redials automatically.  And has a new IP address and potentially a
new gateway.

But now that I observe this behavior, I see that my pppd scripts
automatically change the default route to the internet gateway address
after each successful connection.

> > 3) Conceptually, I'm having problems with the idea of setting the linux
> >    server as the gateway for all LAN machines which are taking advantage
> >    of IP Masq.  Do I need to set up some routing rules for packets which
> >    are actually being sent to other machines on the LAN, as opposed to
> >    the ones destined for the internet?
> 
> Routes are only needed to determine where traffic should go that is not
> destined for a directly-connected net.  Your machines already know how
> to send directly to each other on the LAN.  You only use a route to
> teach your machines how to route to other networks, and in this case,
> one default route will do the trick, directing foreign traffic through
> the masq box.

I'm sorry, but I don't understand this.  Two TCP/IP layers are relevant
to this discussion, in my mind: The Transport Layer, and the Network Layer
(let me know if I'm totally off base here).  The Transport Layer contains
the ultimate origin of the network data, and the ultimate destination.
The Network Layer contains "where this packet should be sent next."  

A packet broadcast from a host has a Transport destination of the final
host IP address and a Network destination of the gateway machine.

Am I on track so far?

I'm reading and being told to set the IP Masq machine as the gateway
for every single client machine which is being granted masq privileges.
But doesn't that mean every single packet broadcast from those machines
will have a Network destination of the Linux machine acting as the IP
Masq host?

Doesn't that mean that if I configure a Win95 host on the network to
use the IP Masq machine as the gateway, it will send every single network
packet to that host?

The above statement is that "Your machines already know how to send
directly to each other on the LAN."  I don't see how that can be true.
Right now, as I understand it, we set the network switch as the gateway,
the switch peeks at the final destination, replaces the packet header,
and broadcasts the packet on the correct physical connection.

Again, if I set the gateway to Host X, aren't I relying on host X to do
all the routing for the machine?  Since Win95 doesn't seem to have the
ability to set up a routing table, how can it distinguish between a 
packet which needs to be sent to host X for routing to the Internet, and
a packet which it can send to the switch for routing?

> > How are these routing rules affected by the fact that I have a dynamic
> > IP on the internet side?
> 
> Your masq box has two IP addresses.  One is dynamic, on the ppp0
> interface; the other is static, and is the IP you choose for the box on
> your local LAN.  Your routes from the other boxes are directed to that
> static eth0 address, and so the dynamic IP doesn't even matter to them. 
> They don't have to know or care.  :)

Gotcha.  I wasn't being specific enough.  I am worrying about the case
where pppd loses a connection and redials into the ISP to get a new
internet gateway.  It turns out pppd can be configured to change the
default route automatically.  You have to use the default route for
the dynamic internet gateway address, and have routes set up for all
other networks the box might happen to be connected to.  

-- 
John White
Triceratops Admin
[EMAIL PROTECTED]
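
The next-hop decision discussed in this thread, as an added example that is not part of the original message: a host picks the most specific matching route, so LAN destinations are delivered on-link and everything else goes to the default gateway, and a redial only swaps the masq box's default route. All addresses, interface tables and helper names here are constructed for illustration.

```python
import ipaddress

def route(prefix, iface, gw=None):
    """One routing-table entry; gw=None means the destination is on-link."""
    return (ipaddress.ip_network(prefix), iface, gw)

def next_hop(routes, dst):
    """Longest-prefix match: return (interface, gateway) for a destination."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

def replace_default(routes, iface, gw):
    """Model of a redial: only 0.0.0.0/0 changes, connected routes stay."""
    kept = [r for r in routes if r[0].prefixlen != 0]
    return kept + [route("0.0.0.0/0", iface, gw)]

# Constructed tables. A LAN client has a connected route for its own subnet
# (created when the interface is configured) plus one default route that
# points at the masq box's static eth0 address.
LAN_CLIENT = [
    route("192.168.1.0/24", "eth0"),
    route("0.0.0.0/0", "eth0", "192.168.1.1"),
]

# The masq box: static LAN side, dynamic ppp0 side with an ISP-assigned peer.
MASQ_BOX = [
    route("192.168.1.0/24", "eth0"),
    route("0.0.0.0/0", "ppp0", "203.0.113.1"),
]

if __name__ == "__main__":
    print("client -> LAN peer :", next_hop(LAN_CLIENT, "192.168.1.20"))
    print("client -> internet :", next_hop(LAN_CLIENT, "198.51.100.7"))
    redialed = replace_default(MASQ_BOX, "ppp0", "198.51.100.1")
    print("masq   -> internet :", next_hop(redialed, "192.0.2.50"))
    print("masq   -> LAN peer :", next_hop(redialed, "192.168.1.20"))
```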