Re: [tlug] [Was: iptables] Forward multicats

["Bruno Raoult" <braoult@example.com>]

On Tue, Jun 17, 2008 at 12:19 AM, Curt Sampson
<cjs@example.com> wrote:
> On 2008-06-16 22:01 +0900 (Mon), Bruno Raoult wrote:
>> In fact, my forwarding rule is that one:
>>    iptables -A POSTROUTING -t nat -o ${LAN_PORT} -s ${DSK_NET} -j MASQUERADE
>
> Ok, kill that. NAT is a True Pain in the Ass, and is useful only as a
> hack when you can't get enough IP addresses that hosts on both sides
> of the router know about. You're not in this situation, since you can
> assign, say, all of 192.168.10.0/24 to one side and 192.168.11.0/24 to
> the other, so you can remove that problem from your life entirely and be
> much happier. Set your system up for just standard routing.
>
> That right there might fix your entire problem.

In fact, there is something I will not be able to do with the setup you propose.
My idea is to have the terastation able to discuss with machines
outside my network.
I use an Airport as wifi router, and it does not support routing
information for the
inside network. That is why I wanted to have the terastation seen as
"part of the wifi
network" with NAT. Doing as you say (which has many other advantages)
will not allow
the Airport to join the Terastation.

> I really don't have enough bad things to say about NAT, as you can see.

Apparently, yes ;-)

br.

-- 
2 + 2 = 5, for very large values of 2.