Ipmasq User's Manual - Design Issues
This section describes rationales for some of the design issues that went
The rules files ipmasq utilizes are named according to a common scheme consisting of a capital letter, a two digit number, and a short description of what the rule is doing. As the names of the rules files are run through sort, the letter and two digit number determine the order in which rules will be run.
The capital letter denotes what kind of action the rule takes, according to the following list:
ipmasqhost fall into this category.
More information about the rules files can be found in the comments of the rules files themselves.
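The naming scheme and sort-based ordering described above can be checked before rules are loaded. The following is an added example, not code from ipmasq: the function names and every file name are constructed, and pinning the locale to C is an assumption of the example, since the manual does not say which locale ipmasq's own sort runs under.

```shell
#!/bin/sh
# Added example: every file name below is constructed for illustration.

# List the names in directory $1 that follow ($2 = ok) or break ($2 = bad)
# the scheme: capital letter, two digits, then a short description.
# Output is sorted, so the "ok" listing is the order the names sort into.
rules_classify() (
    # Pin the locale: both [A-Z] matching and sort collation depend on it.
    # This is the example's assumption, not documented ipmasq behaviour.
    LC_ALL=C; export LC_ALL
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            [A-Z][0-9][0-9]?*) kind=ok ;;
            *)                 kind=bad ;;
        esac
        if [ "$kind" = "$2" ]; then printf '%s\n' "$name"; fi
    done | sort
)

# Build a scratch directory of constructed names and print its path.
# B10delta and B10beta share a prefix, so the description breaks the tie.
make_sample_dir() {
    dir=$(mktemp -d) || return 1
    for n in B10delta A02alpha B10beta C05gamma \
             a05lowercase C7one-digit README; do
        : > "$dir/$n"
    done
    printf '%s\n' "$dir"
}

sample=$(make_sample_dir)
echo "Sorted order of conforming names:"
rules_classify "$sample" ok
echo "Names that break the scheme:"
rules_classify "$sample" bad
rm -rf "$sample"
```

A name with a lowercase letter or a single digit still sorts somewhere, but not where its author intended, which matters when rule order decides which packets are accepted.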
The rules files supplied with ipmasq have been broken down to a fine granularity. This granularity is designed to allow individual portions to be overridden easily. For instance, if all input rules were shipped in one rules file, in order to override the input rule for external interfaces, the remaining rules in the file would have to be
New rules files should contain commands suitable for setting up the operation of one service. This both keeps a reasonable level of granularity and allows those rules files to be self-contained entities.
ipmasq makes a few assumptions about the networks it is masquerading between (these hold for the majority of cases):
default-if program by selecting the interface that contains the system's default route.
ipmasq has run. Should it change, ipmasq must be re-run. Please see Integrating with Other Systems, Chapter 4, for more information on the specifics of how to do this for your particular connection method.
Should any of these assumptions prove false for your specific network, please see Dealing with Oddball Networks, Chapter 3.