sslug-teknik team mailing list archive

Thread
Date

Re: iptables til internet-gateway

To: sslug-teknik@xxxxxxxx
From: Anders Melchiorsen <anders+sslug@xxxxxxxxxxxx>
Date: 15 May 2002 19:10:35 +0200
Delivered-to: mailing list sslug-teknik@xxxxxxxx
Mailing-list: contact sslug-teknik-help@xxxxxxxx; run by ezmlm
Newsgroups: sslug.teknik
Organization: None
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Artificial Intelligence)

Lasse Riis <root@xxxxxxxxxx> skrev:

Jeg starter med at gøre opmærksom på listen sslug-netvaerk,
omhandlende netværk.



>  [...] NAT og Masquerading (Hvori ligger den præcise forskel?)

Fra <URL:http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/
NAT-HOWTO.linuxdoc-6.html>:

   There is a specialized case of Source NAT called masquerading: it
   should only be used for dynamically-assigned IP addresses, such as
   standard dialups (for static IP addresses, use SNAT above).
   
   You don't need to put in the source address explicitly with
   masquerading: it will use the source address of the interface the
   packet is going out from. But more importantly, if the link goes
   down, the connections (which are now lost anyway) are forgotten,
   meaning fewer glitches when connection comes back up with a new IP
   address.


Med andre ord, der er ikke rigtig forskel i funktionaliteten, men
masquerading klarer tingene lidt mere automatisk end (S)NAT når
interfacet ikke altid er oppe.


> Jeg er ligeglad med sikkerheden foreløbig, der skal bare være hul
> igennem (Dog ikke så stort et hul at crackere kan bruge min ip til
> deres angreb!)

Der er vist noget modstrid i din kommentar her.



Anders

References

iptables til internet-gateway
From: Lasse Riis, 2002-05-15