From: Sven Conrad (Sven.Conrad@eed.ericsson.se)
Date: Thu Jun 08 2000 - 17:11:06 CEST
Gerard MARCADE wrote:
>
> Let's have a look at paragraph 10.
>
> IP filtering allows firewall. I agree with that.
> It is the first part of the paragraph.
>
> In the second part of the paragraph, you seem to speak
> about private network and NAT (Network Address Translation).
> This is completely different, isn't it?
>
1)
NAT == masquerade is a feature of the Linux firewall. The
entire firewall is configured with ipfwadm (kernel 2.0.x).
With ipfwadm you can define many rules to accept or deny
IP packets. There are rules that allow the masquerade option.
AFAIK muLinux supports only these masquerading rules within its
setup scripts. But anybody can define his own firewall rules
with direct use of ipfwadm.
I must admit that I have not fully understood all ipfwadm
features, but it is very powerful.
BTW: kernel 2.2.x has a new firewall: ipchains
2)
> IP filtering firewall is designed to control the flow of packets based on the source, destination, port and packet type
This is ok. Source, destination, port specify for what kind of packet
this rule is active, i.e. if the packet is accepted or denied on match.
>... You can enable IP masquerade feature and IP generic protection on a Linux server
not very informative, is it??? It may be the result of - default rule
is deny - !
> allowing connected computers (running TCP/IP, but without registered Internet
> address) to connect to the Internet through your muLinux box
is correct, but is an outcome of masquerading. So maybe this could be a
new sentence. But masquerading is also a security issue, because the hidden
clients are not accessible from the Internet, only the router is seen.
/sven
This archive was generated by hypermail 2.1.6 : Sat Feb 08 2003 - 15:27:14 CET