Re: IP Masq over CIPE tunnel.
Robert Davidson <puttputt,AT,ebbs,DOT,com,DOT,au>
Wed, 22 Aug 2001 17:13:37 +0200
Casey Carter wrote:
> specifying an invalid source address (at least invalid for this
> particular use). You should never need to masquerade a machine as
> itself -- that makes no sense.
OK, how come it makes no sense?
If I send a packet from 192.168.1.1 (which is the IP of eth0), to a
web server somewhere live on the Internet, then why does it not make
sense to masquerade it?
It has to masquerade it, otherwise it'll never work. To me, that
sounds pretty stupid because that means that I can never use my
internal IP as the source, which means I need to call up the people
using the 192.168.1.0/24 range for their Internet-connected PCs and
then get them to do all of the pings and traceroutes. It doesn't make
sense to me that the netfilter code would be this inflexible.
So this really boils down to two questions -
1 - Why doesn't it make sense to masquerade it?
2 - What's the solution?