Lonnie Abelbeck wrote:
> On Apr 30, 2009, at 8:08 PM, Darrick Hartman wrote:
>
>> Justin Coffi wrote:
>>
>>> *raises hand* - That is, until all the functionality is available
>>> in Arno.
>>>
>> What specific functionality are you missing?
>>
>
> The question above is directed toward Justin... but, as background,
> look at /stat/etc/rc.conf
>
> The astfw variables are marked as deprecated, and the corresponding
> Arno variables are hinted at.
>
> This is the main remaining issue:
> ----
> ##IP DMZ Support
> ##Uncomment the following lines to support more traditional DMZ setups.
> ##If you define DMZIP astfw will automatically forward any new/unknown
> ##tcp and udp connections coming in on EXTIF to the IP address that you
> ##specify. If you say "auto", AstLinux will use the first DHCP lease from
> ##the instance of dnsmasq running on INTIF.
> ## DMZIP - is deprecated - See NAT_FORWARD_xxx xxx={ TCP, UDP }
> ## to DMZIP using ports not otherwise NAT'ed, OPEN_xxx or HOST_OPEN_xxx
> ## documented in /stat/etc/arno-iptables-firewall/firewall.conf
> #DMZIP="auto"
> ----
>
> Will the "auto" hack be supported in Arno?
>

A few things... "first" how? First in the text file? Lowest address? First given out? And does anyone actually use this feature? I'm having a hard time imagining when it might even be handy...

> Additionally, this might be an issue:
> ----
> ##If you have multiple IP addresses on your external interface and you want 1:1 NAT
> ##sometimes called binat (bidirectional NAT), define that here. Use spaces for
> ##multiple address maps. There is no filtering for these, beware!
> ## EXTIPMAP - is deprecated - See transparent-dnat arno plugin
> #EXTIPMAP="4.2.2.1:192.168.111.20"
> ----
>
> I am not sure how Arno's firewall can handle, say 3 static public
> IP's, masqueraded on one of them and 1:1 NAT to internal private IP
> address for the other two. Does EXTIPMAP handle this case?
>
> Otherwise, /stat/etc/rc.conf documents the transition from "astfw" to
> "arno".
>
> Lonnie
>

As far as I know, all Star2star boxes have a single external interface.

-Philip