Quoting Gadi Cohen, from the post of Sun, 12 Aug: > I take it MPLS is "without a dialer" ? I can't believe it's such a big > deal here to change :) I must admit a week went by with nothing
It's a big issue because it takes away the power from the ISP and leaves it with the ADSL/cable provider. they can't shape your traffic or limit you and meter you as much as they'd like without a pptp connection. I actually pay a monthly $15 to have it, beyong the regular cost of the 012 bill. But I gain stability and a "fixed" IP. and with the lower overhead, it's very helpful for torrents :-) > well, since both my physical PCs are running Linux it's actually quite > nice to not have my laptop dependent on my other PC anymore for routing, Well, my linux is a mail and file server (with MPLS, even if there is downtime, I usually get the same IP again because like DHCP it keeps the lease, I have fixed IP :-) Since one machine is always on anyway, it's also the firewall and everyone connects through it. makes life simpler if you ask me. I also do the traffic shaping there so all the machines get priority of Skype over torrents, etc. > windows virtual pc in vmware, but I'm quite happy for both the physical > linux boxes to have their own connection and handle their own firewall > with masquerading. has plusses and minuses... > > well, I think it's worth getting another 80-100 NIS card for that on the > > one hand, but on the other hand, it's very much doable with plain > > IPTABLES. I have not used shorewall yet. > > > well, yes, that would easily solve my problems, but it's a bit annoying > on principle... because aside from the firewall I already have the whole > idea working great by just putting my one card on two different > subnets. lucky it doesn't work like that in Israel, but in the US I saw that the outer subnet of 10./8 was actually shared among all the clients in the neighbourhood of the cable company (well, 8 years ago it was) and you could actually find people running LAN parties and webservers and not just using it for PPTP, so I would not connect that interface to a non-firewalled machine... At least in Israel it doesn't work that way. > But I seem to recall that shorewall's lack of support is based > on iptables limitations -- on dealing with aliases interfaces. nope. it's been supported as far back as ipchains and probably before. It's a little trickier with multiple IP on a single interface, but not with aliased interfaces. -- Ribbed for her pleasure Ira Abramov http://ira.abramov.org/email/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
