10.0.0.0/24 is something very different from 10.0.0.0/8 and it appears Linux doesn’t really like to masquerade itself, as it then sends RST to the originating host. Of course, ssh doesn’t care about getting an RST and just hangs.
OpenWRT is quite neat, and my wlan is now separated from the wired network, which means we can run services such as cups on the wired network without having to require authentication. It would be cool to play around with VLAN tagging, but I think that’s for another day.
I need to investigate how to get the internal DNS working properly; I kinda want to have sensible reverse-DNS for 10.x.x.x addresses.
The whole infrastructure which goes on top of the physical and first layer of the network is still missing (Kerberos, LDAP, cups, openvpn, nocatauth or similar).