Re: AIX NAT vs. Debian Masq

On Wed, May 10, 2000 at 01:15:25PM -0500, Mullins, Ron wrote:
> Hey,
> I'm trying to take over the firewall of our company. I would like to deploy
> a Linux masq'd gateway (which I have done before for another company) to
> replace AIX version 4 with NAT. Could anyone give me some ideas as to how
> these technologies compare? Are there any arguments that can be made to the
> higher-ups in Linux's favor? Should I (*heresy*) stay with AIX? *me, dodges
> lightning strike*

I'd check into running the newer 2.3.99-preX kernels (soon to be 2.4) with
iptables/Netfilter support.  Iptables can do anything AIX's NAT can do and
then some, I'd wager (especially with Linux's QoS features).

> Basically, is anyone familiar with setting up both and the pluses and
> minuses? Arguments will have to be good, as there is an entrenched familiarity
> with the current system. However, our MCSE is making noise about NT as a
> firewall. So with all speed, brethren...

Try asking on the Netfilter mailing list <netfilter@samba.org>.  I've found
that 2.3.99-pre3 plus Debian 'woody' is very stable for my purposes, despite
being somewhat on the bleeding edge.  I'd also recommend getting the iproute
package, a very nice interface to the newer networking code in the 2.2+

