Lennart Poettering <lennart@xxxxxxxxxxxxxx> writes:

> On Mo, 09.05.22 20:00, Kamil Jońca (kjonca@xxxxx) wrote:
>
>> Kamil Jońca <kjonca@xxxxxxxxxxxx> writes:
>>
>>
>> > Let's see.
>> > from SYSTEMD.NETWORK(5)
>> > ...
>> >        IPMasquerade=
>> >            Configures IP masquerading for the network interface. If
>> >            enabled, packets forwarded from the network interface will be
>> >            appear as coming from the local host.
>> > ....
>> >
>> >
>> > I still do not know what "local host" means here. I guess that this will
>> > be the interface address. :)
>> >
>> > I still do not know if this is rather "snat" or rather "masquerade". How
>> > can I decide which to use? And what engine is used here?
>> >
>>
>> Another question:
>> 1. "partial nat"
>> 3 interfaces qemu1, qemu2, and eth
>> I want to nat traffic from qemu1 via eth but not qemu2
>> (NB this is the place where I use my custom option in
>> /etc/network/interfaces which means "NAT this traffic")
>
> This sounds as if you just want to set IPMasquerade=yes on the
> .network file that matches qemu1's interface, and that's it.

Maybe I was not clear.
I have ("internal") interfaces qemu1 and qemu2,
and interface eth ("external").
I want to nat traffic from interface qemu1 via eth, but I do not want to nat
traffic from interface qemu2 via eth2/
How to achieve this?

>> 2. nat based on destination network.
>>
>> I want to nat only traffic to, say, 192.168.10.0/24, leaving the rest
>> untouched. (This is the case when I have an ipsec tunnel and I want to nat only
>> traffic to the other endpoint)
>
> If this does not deal in interfaces, but in IP addresses instead, no
> need to involve networkd. Just define the firewall outside of
> networkd?

Of course. Like most nontrivial things I want to do. That was my point.

KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
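
The two cases discussed in this thread, written as a firewall ruleset kept outside of networkd. This is an added example, not part of the original messages and not systemd's own configuration. It assumes nftables is the firewall in use, that IPv4 forwarding is already enabled, and that qemu1 and qemu2 carry the constructed subnets 10.0.1.0/24 and 10.0.2.0/24; the table name `example_nat` is hypothetical.

```nftables
#!/usr/sbin/nft -f
# Added example: selective source NAT defined outside systemd-networkd.
# Assumptions (not from the thread): qemu1 = 10.0.1.0/24 and
# qemu2 = 10.0.2.0/24 (constructed), table name "example_nat" (hypothetical).

table ip example_nat {
    chain postrouting {
        # NAT chain on the postrouting hook; 100 is the conventional
        # source-NAT priority. Packets matching no rule leave unmodified.
        type nat hook postrouting priority 100; policy accept;

        # Case 1, "partial nat": traffic from the qemu1 subnet that leaves
        # through eth is rewritten to eth's address. The qemu2 subnet
        # (10.0.2.0/24) matches no rule here, so it is forwarded with its
        # original source address.
        ip saddr 10.0.1.0/24 oifname "eth" masquerade

        # Case 2, NAT by destination network: only traffic towards
        # 192.168.10.0/24 is rewritten, whichever interface it leaves by.
        # All other destinations are left untouched.
        ip daddr 192.168.10.0/24 masquerade
    }
}
```

`masquerade` picks the address of the outgoing interface at the time the connection is set up; where a fixed, known source address is required, the same rules can use `snat to <address>` instead. Load the file with `nft -f` and check the result with `nft list table ip example_nat`.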