[NTLUG:Discuss] IP NAT question

Jay Urish j at yourlinuxguru.com
Tue Sep 18 20:49:42 CDT 2001 

At 08:18 PM 9/18/2001 -0500, you wrote:
>Daniel Hauck wrote:
>
> > I have wanted to do similar things but you should consider using a firewall
> > for how it was intended and forward only specific ports.  "ipfwadm" is the
> > tool I have used for that task and it works rather well.  It also 
> allows the
> > flexibility to split services among several boxes using only one 
> external IP
> > address.  (ex. port 80 forwards to the web server box and port 110 and 
> 24 to
> > the mail server box.)
> >
>
>I'm a bit puzzled why Jay  talks about using ipchains and Dan ipfwadm.
>ipfilter (kernel-based stateful packet inspection) is one of the significant
>improvements included in the 2.4 series kernel.

I guess its what we are used to.. Personally I dumped ipfwadm a long time 
ago in favor of ipchains..

I would use iptables, but its not installed on the box i'm working on..

Besides, I really don't need stateful packet inspection.



>ipchains was the defauilt packet filtering mechanism for the 2.2.x kernel.
>
>ipfwadm was the default for the 2.0.x kernel.
>
>These are both old news and the new ipfilter method provides significant
>improvements in both speed and flexibility over the older packet filters.
>
>BTW the term stateful means that ipfilter can discern content within the
>payload of the ip packets, meaning you can filter based on more than
>ip number and port, although that may suffice for your application.
>
>PCanywhere will use ports 5631 and 5632 by default.
>
>Mark.Bickel at 2ericsson.com
>
>
>
> >
> > ----- Original Message -----
> > From: "Jay Urish" <j at ittotalsolutions.com>
> > To: <discuss at ntlug.org>
> > Sent: Tuesday, September 18, 2001 4:23 PM
> > Subject: [NTLUG:Discuss] IP NAT question
> >
> > >
> > > I am trying to NAT 3 routeable IP's through a suse 7.2 box running kernel
> > 2.4.4
> > > The kernel is compiled with the advanced_ip_router flay set to Y.
> > >
> > > I am using ipchains as well..
> > >
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss


Jay Urish
Your Linux Guru.
Sendmail/Bind/Apache/DHCPD/IPchains/Samba expertise all in one place!
www.yourlinuxguru.com

More information about the Discuss mailing list