
Re: IPsec and IPMasq/Proxy



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A long time ago, in a galaxy far, far away, someone said...

> > The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
> > protocols other than TCP and UDP.
> 
> Almost true. Using the iproute2 tools, you can do a static NAT of an
> inside box to outside. You can then use standard packet filter firewall
> rules to block various ports you don't want access to from outside. It is
> the Linux masquerading code that has the problem, regular NAT works just
> fine.

The "ip neigh {add|del|change|replace} ..." sequence?

> Problem is that it burns another external IP address.

Um... not good.

- -- 
- ----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5149C/ZTSZFDeHPwRAp8QAKDGcGvOFTEyuRorf10sFplLyQK1vwCeKSVL
XQNRB4nEBvbfWemVJtfKeb4=
=CiCq
-----END PGP SIGNATURE-----


