Re: IPsec and IPMasq/Proxy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A long time ago, in a galaxy far, far way, someone said...
> > The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
> > protocols other than TCP and UDP.
>
> Almost true. Using the iproute2 tools, you can do a static NAT of an
> inside box to outside. You can then use standard packet filter firewall
> rules to block various ports you don't want access to from outside. It is
> the Linux masquerading code that has the problem, regular NAT works just
> fine.
The "ip neigh {add|del|change|replace} ..." sequence?
> Problem is that it burns another external IP address.
Um... not good.
- --
- ----------------------------------------------------------------------
Phil Brutsche pbrutsch@tux.creighton.edu
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5149C/ZTSZFDeHPwRAp8QAKDGcGvOFTEyuRorf10sFplLyQK1vwCeKSVL
XQNRB4nEBvbfWemVJtfKeb4=
=CiCq
-----END PGP SIGNATURE-----
Reply to: