[systemd-devel] [SPAM] Re: Custom options and passing options via command line.
Kamil Jońca
kjonca at op.pl
Tue May 10 15:59:13 UTC 2022
Lennart Poettering <lennart at poettering.net> writes:
> On Mo, 09.05.22 20:00, Kamil Jońca (kjonca at op.pl) wrote:
>
>> Kamil Jońca <kjonca at fastmail.com> writes:
>>
>>
>> > Let's see.
>> > from SYSTEMD.NETWORK(5)
>> > ...
>> > IPMasquerade=
>> > Configures IP masquerading for the network interface. If
>> > enabled, packets forwarded from the network interface will be
>> > appear as coming from the local host.
>> > ....
>> >
>> >
>> > I still do not know what mean "local host" here. I guess that this will
>> > be interface address. :)
>> >
>> > I still do not know if this is rather "snat" or rather "masquerade". How
>> > can I decide which to use. And what engine is used here.
>> >
>>
>> Another question:
>> 1. "partial nat"
>> 3 interfaces qemu1 , qemu2, and eth
>> I want to nat treffic from qemu1 via eth but not qemu2
>> (NB this is the place, where I use mu custom option in
>> /etc/network/interfaces which means "NAT this traffic" )
>
> This sounds as if you just want to set IPMasquerade=yes on the
> .network file that matche's qemu1's interface, and that's it.
Maybe I was not clear.
I have ("internal") interfaces qemu1 and qemu2. and interface eth ("external")
I wat to nat traffic from interface qemu1 via eth , but I do not want
nat traffic from interface qemu2 via eth2/
How to achieve this?
>> 2. nat based on destination network.
>>
>> I want to nat only traffic to say, 192.168.10.0/24, leaving rest
>> untouched. (This is case when I have ipsec tunnel and I want to nat only
>> traffic to other endpoint)
>
> If this does not deal in interfaces, but in IP addresses instead, no
> need to involve networkd. Just define the firewall outside of
> networkd?
Of course. Like most nontrivial things I want to do.
That was my point.
KJ
--
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
More information about the systemd-devel
mailing list