Re: IPsec and IPMasq/Proxy

To: Phil Brutsche <pbrutsch@tux.creighton.edu>
Cc: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: IPsec and IPMasq/Proxy
From: George Bonser <george@shorelink.com>
Date: Sun, 1 Oct 2000 12:30:55 -0700 (PDT)
Message-id: <Pine.LNX.4.21.0010011225120.31474-100000@chester.shorelink.com>
In-reply-to: <Pine.LNX.4.21.0010011416260.25377-100000@tux.creighton.edu>

> 
> The "ip neigh {add|del|change|replace} ..." sequence?

Yeah. Look in /usr/share/doc/iproute and print off one of the cref
(command reference) docs (note the .ps file wants A4 paper)

> 
> > Problem is that it burns another external IP address.
> 
> Um... not good.

Well, yeah. That is the thing with NAT as opposed to Masq but NAT is a lot
faster. If you have the addresses to spare, you assign one for the
internal IPSec or PPTP or whatever VPN unit and NAT it at the
firewall. The thing is that a lot of these protocols use things like GRE
that Linux does not like to masquerade. Heck, Linux doesn't like UDP all
that much ... try running a CIPE VPN from behind a firewall ... no can do.

Reply to:

References:
- Re: IPsec and IPMasq/Proxy
  - From: Phil Brutsche <pbrutsch@tux.creighton.edu>

Prev by Date: Re: [OFFTOPIC] small fetchmail problem with popsneaker - SOLVED :)
Next by Date: Re: tr '\verb|\|000' '\verb|\|\n'?
Previous by thread: Re: IPsec and IPMasq/Proxy
Next by thread: about to install Debian - "help me through the dark".. :)
Index(es):
- Date
- Thread