Linux Masquerade is good for one-way filtering. Only outgoing connections
CAN happen. There is no way to connect to internal masqueraded hosts (well...
forget FTP, dcc and realaudio for a moment). All incoming connections
should be piped through an application proxy, that's a secure solution. I
won't do that for WWW Servers. It's better to put the WWW Server on its own
Ethernet Card and don't use Masquerade for it.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +4972573817 BE5-RIPE
(O____O) You can check-out any time u like, but u can never leave
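
Added example, not part of the message above and not kernel code: a simplified Python model of a masquerading gateway's state table. It shows why unsolicited inbound connections have nowhere to go, and why protocol helpers such as the one for FTP are the exception. The class and method names, the addresses and ports, and the helper behaviour are assumptions made for illustration.

```python
# Simplified model of a masquerading gateway's state table. Added example,
# not kernel code; all addresses and ports are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class MasqGateway:
    next_port: int = 61000
    # (proto, public_port) -> (int_ip, int_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def _alloc(self, proto, entry):
        port = self.next_port
        self.next_port += 1
        self.table[(proto, port)] = entry
        return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Internal host connects out: record state, return the public port."""
        return self._alloc(proto, (src_ip, src_port, dst_ip, dst_port))

    def helper_expect(self, proto, int_ip, int_port, remote_ip):
        """Assumed helper behaviour (e.g. active FTP): pre-create an entry for
        a data connection from remote_ip, source port not yet known (None)."""
        return self._alloc(proto, (int_ip, int_port, remote_ip, None))

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet hits the public address: forward only if state matches."""
        entry = self.table.get((proto, dst_port))
        if entry is None:
            return None  # no mapping, so no internal host to deliver to
        int_ip, int_port, remote_ip, remote_port = entry
        if src_ip != remote_ip or remote_port not in (None, src_port):
            return None  # entry belongs to a different remote peer
        return (int_ip, int_port)

def demo():
    gw = MasqGateway()
    web = gw.outbound("tcp", "10.0.0.5", 40000, "198.51.100.7", 80)
    return {
        "reply": gw.inbound("tcp", "198.51.100.7", 80, web),
        "unsolicited": gw.inbound("tcp", "203.0.113.9", 5555, 80),
        "other_peer": gw.inbound("tcp", "203.0.113.9", 80, web),
        "ftp_data": gw.inbound(
            "tcp", "198.51.100.7", 20,
            gw.helper_expect("tcp", "10.0.0.5", 40001, "198.51.100.7")),
    }

if __name__ == "__main__":
    print(demo())
```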