
Re: Question about MASQ chain behavior in ipchains



Stan Kaufman <sekfmn@pacbell.net> wrote:

| Then in the rules for the External interface, only certain ports appear
| to be let back in. I presume that the second and third rules with
| destination ports 61000:65095 are for returning masqueraded packets, eh?

right

| This example doesn't make clear to me what happens to packets from the
| Internal network when they're jumped to MASQ. Do they get a new port (in
| the range 61000:65095) in addition to the masqueraded ip address so that
| when they come back they get past the Bad interface to get
| demasqueraded?

yes

| Or do they just go around the Bad interface because in
| some other fashion they're identified as masqueraded packets through
| something MASQ does?

As you masquerade all sent packets, you should only receive masqueraded
packets. Only the port range identifies these packets.


Too bad this mechanism could not be applied for a standalone system:
packets are not forwarded.

-- 
o-o

mverdier@chez.com (Michel Verdier)
http://www.chez.com/mverdier
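
The behaviour discussed in this message, as an added example that is not part of the original post and is not kernel code: a simplified Python model in which outbound packets get the external address plus a new source port from 61000:65095, and returning packets are admitted by that port range and then mapped back. The class name, the addresses and the rule that the remote end must match the recorded flow are assumptions of this model.

```python
# Simplified model of ipchains-style masquerading (added example, not kernel code).
MASQ_PORTS = range(61000, 65096)  # 61000:65095, the range named in the thread
EXTERNAL_IP = "203.0.113.1"       # constructed address of the external interface


class Masquerader:
    def __init__(self):
        self.by_port = {}  # masq port -> (int_ip, int_port, remote_ip, remote_port)
        self.by_flow = {}  # same tuple -> masq port, so a flow keeps its port
        self._free = iter(MASQ_PORTS)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Forwarded packet jumped to MASQ: rewrite source address AND port."""
        flow = (int_ip, int_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("masquerade port range exhausted")
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return (EXTERNAL_IP, self.by_flow[flow], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, dst_ip, dst_port):
        """Packet arriving on the external interface."""
        # Input rule from the thread: only the masquerade port range is let in.
        if dst_ip != EXTERNAL_IP or dst_port not in MASQ_PORTS:
            return "DENY"
        flow = self.by_port.get(dst_port)
        # Assumption of this model: the remote end must match the recorded flow.
        if flow is None or flow[2:] != (remote_ip, remote_port):
            return None  # in range, but nothing to demasquerade to
        return (remote_ip, remote_port, flow[0], flow[1])


if __name__ == "__main__":
    m = Masquerader()
    print(m.outbound("192.168.1.10", 1025, "198.51.100.7", 80))
    print(m.inbound("198.51.100.7", 80, EXTERNAL_IP, 61000))
    print(m.inbound("198.51.100.7", 80, EXTERNAL_IP, 22))
```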


