Re: IPsec and IPMasq/Proxy

To: Phil Brutsche <pbrutsch@tux.creighton.edu>
Cc: Randy Edwards <redwards@golgotha.net>, "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: IPsec and IPMasq/Proxy
From: George Bonser <george@shorelink.com>
Date: Sun, 1 Oct 2000 11:55:55 -0700 (PDT)
Message-id: <Pine.LNX.4.21.0010011153510.31474-100000@chester.shorelink.com>
In-reply-to: <Pine.LNX.4.21.0010011306210.25211-100000@tux.creighton.edu>

> The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
> protocols other than TCP and UDP.

Almost true. Using the iproute2 tools, you can do a static NAT of an
inside box to outside. You can then use standard packet filter firewall
rules to block various ports you don't want access to from outside. It is
the Linux masquerading code that has the problem, regular NAT works just
fine. Problem is that it burns another external IP address.

Reply to:

Follow-Ups:
- Re: IPsec and IPMasq/Proxy
  - From: Phil Brutsche <pbrutsch@tux.creighton.edu>

References:
- Re: IPsec and IPMasq/Proxy
  - From: Phil Brutsche <pbrutsch@tux.creighton.edu>

Prev by Date: exim problems with latest version
Next by Date: Re: Problem with Lucent winmodem on debian 2.2
Previous by thread: Re: IPsec and IPMasq/Proxy
Next by thread: Re: IPsec and IPMasq/Proxy
Index(es):
- Date
- Thread