[NTLUG:Discuss] IP NAT question

Mark Bickel eusmb at speakeasy.net
Tue Sep 18 20:18:48 CDT 2001


Daniel Hauck wrote:

> I have wanted to do similar things but you should consider using a firewall
> for how it was intended and forward only specific ports.  "ipfwadm" is the
> tool I have used for that task and it works rather well.  It also allows the
> flexibility to split services among several boxes using only one external IP
> address.  (ex. port 80 forwards to the web server box and port 110 and 24 to
> the mail server box.)
>

I'm a bit puzzled why Jay talks about using ipchains and Dan ipfwadm.
ipfilter (kernel-based stateful packet inspection) is one of the significant
improvements included in the 2.4 series kernel.

ipchains was the default packet filtering mechanism for the 2.2.x kernel.

ipfwadm was the default for the 2.0.x kernel.

These are both old news and the new ipfilter method provides significant
improvements in both speed and flexibility over the older packet filters.

BTW the term stateful means that ipfilter can discern content within the
payload of the IP packets, meaning you can filter based on more than
IP number and port, although that may suffice for your application.

PCanywhere will use ports 5631 and 5632 by default.

Mark.Bickel at 2ericsson.com



>
> ----- Original Message -----
> From: "Jay Urish" <j at ittotalsolutions.com>
> To: <discuss at ntlug.org>
> Sent: Tuesday, September 18, 2001 4:23 PM
> Subject: [NTLUG:Discuss] IP NAT question
>
> >
> > I am trying to NAT 3 routable IPs through a SuSE 7.2 box running kernel
> > 2.4.4.
> > The kernel is compiled with the advanced_ip_router flag set to Y.
> >
> > I am using ipchains as well..
> >



