Dale R. Worley wrote:
> > From: Matthew Gillen <[email protected]>
> > Subject: [Discuss] firewalld rant
> ...
> > Side note in ambiguous documentation: check out the "masquerade" option
> > https://firewalld.org/documentation/man-pages/firewalld.zone.html :
> > ..."If it's present masquerading is enabled."
> > no indication of which interface it should be set on (the internal or
> > external; the answer is you set that option on the interface you want to
> > masquerade /out/ of).
> ...
>
> I know nothing about firewalld, but I've noticed over the years that
> documentation of how to configure/use software packages comes in two
> varieties:
>
> 1) documentation that explains clearly and explicitly the consequences
> of what one does
>
> 2) the vast majority of documentation, which gives general descriptions of
> the consequences of various actions, but presupposes you have telepathic
> knowledge of a larger structure which contains most of the details
>
> As in the above example, when you set masquerading on interface X,
> *which* packets coming from *which* interfaces are masqueraded *how*
> going out *which* interface?

This is consistent on all NAT systems: masquerading refers to changing the source address for forwarding packets exiting a system for their next destination. It applies on an outgoing interface, and without further elaboration, to all matching packets going out from that interface. To *not* masquerade certain outbound packets based on the interface that they were received from would be additional configuration.

-dsr-
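
The egress-interface rule described in the reply above, as an added example that is not part of the original thread and is not firewalld code: a small Python model of a forwarding host where masquerade is enabled on one outgoing interface. The interface names (`lan0`, `dmz0`, `wan0`), the addresses, the `no_masq_from` exemption and the simplified flow table are all assumptions made for illustration.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str                     # interface the packet arrived on

@dataclass
class Router:
    addr: dict                     # interface -> router's own address on it
    route: dict                    # destination -> egress interface (toy table)
    masq_out: set                  # egress interfaces with masquerade enabled
    no_masq_from: set = field(default_factory=set)  # extra config: exempt ingress
    flows: dict = field(default_factory=dict)       # (egress_if, remote) -> inner src

    def forward(self, pkt):
        """Return (egress_if, packet as it leaves the router)."""
        # Reply to a masqueraded flow: undo the translation before routing.
        # Real conntrack keys on the full 5-tuple; this model keeps one flow per remote.
        inner = self.flows.get((pkt.in_if, pkt.src))
        if inner and pkt.dst == self.addr[pkt.in_if]:
            pkt = replace(pkt, dst=inner)
        out_if = self.route[pkt.dst]
        # Masquerade is decided by the egress interface alone, unless the
        # ingress interface was explicitly exempted.
        if out_if in self.masq_out and pkt.in_if not in self.no_masq_from:
            self.flows[(out_if, pkt.dst)] = pkt.src
            pkt = replace(pkt, src=self.addr[out_if])
        return out_if, pkt

def build_router(no_masq_from=()):
    # Constructed topology (documentation address ranges): two inside links, one outside.
    return Router(
        addr={"lan0": "192.168.1.1", "dmz0": "10.0.0.1", "wan0": "203.0.113.5"},
        route={"198.51.100.7": "wan0", "198.51.100.8": "wan0",
               "192.168.1.20": "lan0", "10.0.0.9": "dmz0"},
        masq_out={"wan0"},
        no_masq_from=set(no_masq_from),
    )

if __name__ == "__main__":
    r = build_router()
    for p in (Packet("192.168.1.20", "198.51.100.7", "lan0"),   # lan -> wan
              Packet("10.0.0.9", "198.51.100.8", "dmz0"),       # dmz -> wan
              Packet("192.168.1.20", "10.0.0.9", "lan0"),       # lan -> dmz
              Packet("198.51.100.7", "203.0.113.5", "wan0")):   # reply from wan
        print(p, "->", r.forward(p))
```

Calling `build_router(no_masq_from={"dmz0"})` models the "additional configuration" case: packets received on `dmz0` leave `wan0` with their original source address.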
