Firewall Wizards mailing list archives
Re: NAT
From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 28 Apr 2000 15:59:18 -0400 (EDT)
On Thu, 27 Apr 2000, Bennett Todd wrote:
> > I'm sure this is doable with Linux with some masquerading for the internal to external connections and Masquerading or redirection for the external to internal ones.

> With ipfwadm (2.0.x kernels) and ipchains (2.2.x kernels), no, you can only do Masquerading, not static NAT; there's no way to tell the kernel to listen for connections on a particular ipaddr:port and
I'm not sure about IP addresses, but I thought the whole "transparent proxy" solution in the 2.0.n kernels was redirection-alike stuff (this is from a long ago reading of the stuff at XOS, a quick google shows this at http://www.xos.nl/linux/ipfwadm/paper/node5.html#SECTION00050000000000000000 - not the most elegant solution, but still a possible solution unless I'm missing something basic here?) Also, http://proxy.iinchina.net/~wensong/ipnat/ contains an older (up to 2.0.35) implementation of NAT.
> route them to a masqueraded machine. With netfilter (late 2.3.x kernels, will be in 2.4 when it comes out) you can do this.
There appears to be some NAT code in the 2.2.nn kernels, but I can't say if it works or how well - specifically there's some config stuff in the router side code. http://www.suse.de/~mha/HyperNews/get/linux-ip-nat.html seems to indicate code for 2.0.29-2.0.33 and 2.2.4 (marked as "Should work with newer 2.2 kernels.")

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net   which may have no basis whatsoever in fact."
PSB#9280