Folk,

Linux router Dalton is described and illustrated here.
http://carnot.yi.org/NetworksPage.html
http://carnot.yi.org/NetworkExtant.jpg

On Dalton, eth0 is the interface to the internet. Cantor is masqueraded via eth1 in the diagram, LocLCS106703196 in the configuration. There is also a modem with ppp0 for masquerading another machine. In /etc/shorewall/interfaces, should such a ppp interface have the same options as eth1(<Loc+)? Specifically this.

loc Loc+ detect tcpflags,nosmurfs,routeback
loc ppp+ detect tcpflags,nosmurfs,routeback

Any other options recommended for masquerading via ppp?

Thanks, ... Peter E.

--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .

On 12/5/10 2:18 PM, peasthope@shaw.ca wrote:
> Folk,
>
> Linux router Dalton is described and illustrated here.
> http://carnot.yi.org/NetworksPage.html
> http://carnot.yi.org/NetworkExtant.jpg
>
> On Dalton, eth0 is the interface to the internet. Cantor is masqueraded via
> eth1 in the diagram, LocLCS106703196 in the configuration. There is also a
> modem with ppp0 for masquerading another machine. In /etc/shorewall/interfaces,
> should such a ppp interface have the same options as eth1(<Loc+)? Specifically
> this.
> loc Loc+ detect tcpflags,nosmurfs,routeback
> loc ppp+ detect tcpflags,nosmurfs,routeback
> Any other options recommended for masquerading via ppp?

Okay -- let's review the available options that you have not specified:

arp_filter, arp_ignore, proxyarp: ppp interfaces don't use ARP
blacklist: Do you want to blacklist to/from addresses on this interface?
bridge: Clearly not appropriate as ppp devices are not bridges
dhcp: Clearly not appropriate (DHCP isn't used on PPP interfaces)
logmartians and routefilter: I think that these are always appropriate
maclist: L2 (MAC) addresses aren't used on PPP links
required and optional: Is it either?
sourceroute: Only hackers use that option
upnp and upnpclient: Do you need either?
wait: Do you need it?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
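
Added example (not part of the original thread, and not Shorewall's own code): a small shell check that applies the review above to the ppp entries of an interfaces file. It assumes the four-column ZONE INTERFACE BROADCAST OPTIONS layout used in the question; the function names and the eth0 and ppp1 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the ppp entries of a Shorewall interfaces file.
# Assumed column layout: ZONE INTERFACE BROADCAST OPTIONS.

# Constructed sample; the eth0 and ppp1 lines are invented for the demo.
sample_interfaces() {
cat <<'EOF'
#ZONE INTERFACE BROADCAST OPTIONS
net   eth0      detect    tcpflags,nosmurfs,routefilter,logmartians
loc   Loc+      detect    tcpflags,nosmurfs,routeback
loc   ppp+      detect    tcpflags,nosmurfs,routeback
loc   ppp1      detect    dhcp,arp_ignore=1,logmartians,routefilter
EOF
}

# Reads the file named in $1 (or stdin) and prints one finding per line.
check_ppp_options() {
    awk '
    /^[ \t]*#/   { next }          # skip comment lines
    NF == 0      { next }          # skip blank lines
    $2 !~ /^ppp/ { next }          # only PPP interfaces are checked
    {
        n = split($4, opt, ",")
        has_lm = 0; has_rf = 0
        for (i = 1; i <= n; i++) {
            name = opt[i]
            sub(/=.*/, "", name)   # arp_ignore=1 becomes arp_ignore
            if (name ~ /^(arp_filter|arp_ignore|proxyarp|maclist|bridge|dhcp)$/)
                printf "%s: %s not applicable on PPP\n", $2, name
            else if (name == "sourceroute")
                printf "%s: sourceroute should not be set\n", $2
            else if (name == "logmartians") has_lm = 1
            else if (name == "routefilter") has_rf = 1
        }
        if (!has_lm) printf "%s: consider logmartians\n", $2
        if (!has_rf) printf "%s: consider routefilter\n", $2
    }' "${1:--}"
}

sample_interfaces | check_ppp_options
```

Against a real router, pass the file name instead of the sample: `check_ppp_options /etc/shorewall/interfaces`.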

From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 05 Dec 2010 18:22:55 -0800
> Okay -- let's review the available options that you have not specified:
> arp_filter, arp_ignore, proxyarp: ppp interfaces don't use ARP

Yes.

> blacklist: Do you want to blacklist to/from addresses on this interface?

No.

> bridge: Clearly not appropriate as ppp devices are not bridges
> dhcp: Clearly not appropriate (DHCP isn't used on PPP interfaces)
> logmartians and routefilter: I think that these are always appropriate
> maclist: L2 (MAC) addresses aren't used on PPP links

Yes.

> required and optional: Is it either?

The link is for a masqueraded dial-in system. Certainly not required for Shorewall startup.

From http://www.shorewall.net/manpages/shorewall-interfaces.html

"optional
When optional is specified for an interface, Shorewall will be silent when:
* a /proc/sys/net/ipv4/conf/ entry for the interface cannot be modified (including for proxy ARP).
* The first address of the interface cannot be obtained."

I don't understand those topics. Will investigate and study.

> sourceroute: Only hackers use that option

Not me.

> upnp and upnpclient: Do you need either?

Reference http://en.wikipedia.org/wiki/Universal_Plug_and_Play
I don't use UPnP.

> wait: Do you need it?

No.

Incidentally, several of these options aren't mentioned in the man page on my Debian Squeeze but the *.html man page covers all. Very helpful.

Thanks! ... Peter E.

On 12/6/10 8:06 AM, peasthope@shaw.ca wrote:
> Incidentally, several of these options aren't mentioned in the man page on my
> Debian Squeeze but the *.html man page covers all.

As always, packages in a Debian release are obsolete before the release ever gets out of the door; it's a fact of life. You can post a report on the Debian BTS and see what happens.

-Tom