[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPsec and IPMasq/Proxy

> The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
> protocols other than TCP and UDP.

Almost true. Using the iproute2 tools, you can do a static NAT of an
inside box to outside. You can then use standard packet filter firewall
rules to block various ports you don't want access to from outside. It is
the Linux masquerading code that has the problem, regular NAT works just
fine. Problem is that it burns another external IP address.

Reply to: