Re: Question about MASQ chain behavior in ipchains
Stan Kaufman <sekfmn@pacbell.net> wrote:
| Then in the rules for the External interface, only certain ports appear
| to be let back in. I presume that the second and third rules with
| destination ports 61000:65095 are for returning masqueraded packets, eh?
right
| This example doesn't make clear to me what happens to packets from the
| Internal network when they're jumped to MASQ. Do they get a new port (in
| the range 61000:65095) in addition to the masqueraded ip address so that
| when they come back they get past the Bad interface to get
| demasqueraded?
yes
| Or do they just go around the Bad interface because in
| some other fashion they're identified as masqueraded packets through
| something MASQ does?
As you masquerade all sent packets, you should only receive masqueraded
packets. Only the port range identifies these packets.
Too bad this mechanism could not be applied for a standalone system:
packets are not forwarded.
--
o-o
mverdier@chez.com (Michel Verdier)
http://www.chez.com/mverdier