Just as a note, in my experience, netfilter/iptables does exactly what *I* think it should do, and treats these two variables as exactly the same. Bits that are set in the masked-off portion of a network definition are completely ignored.

So, yes, I'd agree that this is a *very bad* choice of variables.

-Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Antony Stone
> Sent: Saturday, June 22, 2002 3:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Rule question
>
>
> On Saturday 22 June 2002 8:35 am, Patrick Petermair wrote:
>
> > Hi!
> >
> > I've read the following example script for a linux box with masquerading
> > and some firewall rules:
> > http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/rc.firewall-2.4-stronger
>
> I've just had a look at this script, and I don't like a couple of the
> variables he's set:
>
> INTNET="192.168.1.0/24"
> INTIP="192.168.1.1/24"
>
> That INTNET is all very well, but the INTIP is a single address, and
> therefore should end in /32, not /24.
>
> Given this little error, it might be worth checking the rest of
> this guy's script to see if any other little inaccuracies have crept in...
>
> Antony.
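An added example, not part of the thread or of the script under discussion: a small audit that reads address variables from a firewall script, reports the network each one collapses to once the host bits are masked off, and flags the ones written with host bits set. It assumes the mask-and-compare matching described in the reply above; `FIXEDIP` is a constructed name showing the /32 form suggested in the quoted message.

```python
import ipaddress
import re

# Constructed sample: the two assignments quoted in the thread, plus a
# hypothetical FIXEDIP showing the /32 form for comparison.
SCRIPT = '''
INTNET="192.168.1.0/24"
INTIP="192.168.1.1/24"
FIXEDIP="192.168.1.1/32"
'''

# NAME="a.b.c.d/len" shell assignments, quotes optional.
ASSIGN = re.compile(r'^\s*(\w+)="?(\d+\.\d+\.\d+\.\d+/\d+)"?\s*$', re.M)

def audit(script):
    """Return {name: (spec, effective_network, host_bits_set, address_count)}."""
    report = {}
    for name, spec in ASSIGN.findall(script):
        iface = ipaddress.ip_interface(spec)
        net = iface.network  # the spec with its host bits masked off
        stray = iface.ip != net.network_address
        report[name] = (spec, str(net), stray, net.num_addresses)
    return report

def matches(spec, addr):
    """Mask-and-compare match: bits outside the mask are ignored on both sides."""
    iface = ipaddress.ip_interface(spec)
    mask = int(iface.netmask)
    return (int(ipaddress.ip_address(addr)) & mask) == (int(iface.ip) & mask)

if __name__ == "__main__":
    for name, (spec, net, stray, count) in audit(SCRIPT).items():
        flag = "HOST BITS SET" if stray else "ok"
        print(f"{name:8} {spec:18} -> {net:18} {count:4} addrs  {flag}")
    # A rule written with INTIP as given covers the whole subnet:
    print(matches("192.168.1.1/24", "192.168.1.77"))
    # The /32 form covers only the one address:
    print(matches("192.168.1.1/32", "192.168.1.77"))
```

A variable flagged here is not a syntax error; the flag marks a rule whose author probably meant one host but which, under this matching, covers every address in the masked network.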
