Re: ip masquerade : which one?

To: debian-user@lists.debian.org
Subject: Re: ip masquerade : which one?
From: Bob Nielsen <nielsen@oz.net>
Date: Mon, 16 Apr 2001 18:50:32 -0700
Message-id: <[🔎] 20010416185032.A2725@oz.net>
In-reply-to: <[🔎] 20010417022315.A18731@tekilla.homeip.net>; from flateric@tekilla.homeip.net on Tue, Apr 17, 2001 at 02:23:16AM +0200
References: <[🔎] 20010416163526.B29717@harmony.cs.rit.edu> <[🔎] 20010417003830.B18198@tekilla.homeip.net> <[🔎] 20010416190740.E16@harmony.cs.rit.edu> <[🔎] 20010417022315.A18731@tekilla.homeip.net>

Now hold on there just a darn minute--

In one sentence, you say that he doesn't want to have both, but in
another you acknowledge that ipmasq depends on ipfwadm or ipchains or
iptables.  Thus if he wants to use ipmasq he needs one of these. 
ipfwadm is for 2.0 (and earlier) kernels, ipchains is for 2.2 and
iptables is for 2.4.

The ipmasq package is not *REQUIRED* to set up MASQ rules, but is a
tool which simplifies the process.

I suspect one could set up firewalling chains without the ipchains
package by writing to /proc, but that would probably be a bit difficult
to administer by hand.

Bob

Tue, Apr 17, 2001 at 02:23:16AM +0200, Willi Dyck wrote:
> On Mon, Apr 16, 2001 at 07:07:40PM -0400, D-Man wrote:
> > This doesn't quite answer my question, but it might be heading in the
> > right direction.  I want to know the difference between ipchains and
> > ipmasq.  Would I be correct if I said :
> >     Firewalling and Masquerading are 2 different things, handled by 2
> >     different apps, and I want both ipchains and ipmasq?
> 
> No, you don't want to have both. Ipmasq is the short form of
> IP-Masquerade and can be handeld by both, ipchains and iptables.
> Masquerading, or simply MASQ, (used in FORWARD chains) is one of the
> three chains which are handeld by ipchains. The other two, as you
> probably know, are the INPUT and the OUTPUT chains. INPUT chain-rules
> decide what to do with incoming ip-pakets, OUPUT chain-rules decide what
> to do with outgoing ip-pakets. The FORWARD chain-rules (with MASQ as their
> target Flag) are masquerading internal LAN-IP's with the one connected to
> the "outside". Actually iptables now have two new chains called POSTROUTING
> and PREROUTING, but this is way OT, I think :)
> 
> Deciding what to do with incoming and outgoing ip-pakets is called
> "Firewalling". Masquerading allows a LAN without a "real" IP to connect
> to the "outside".
> 
> > The line :
> >  MASQ is now MASQUERADE
> > seems to indicate that ipchains and iptables both handle masquerading.
> 
> That's right.
> 
> > If that is true, how does the ipmasq package fit in with this?
> 
> I'm not quite sure, but ipmasq depends on either ipfwadm or ipchains or
> iptables, depends on what you decide to use. It includes modules which
> initialize IP Masquerading for use as a Firewall.
> 
> Hope this doesn't confuse you too much, but helpes.
> 
> MfG, Willi

-- 
Bob Nielsen, N7XY                          nielsen@oz.net
Bainbridge Island, WA                      http://www.oz.net/~nielsen
IOTA NA-065, USI WA-028S

Reply to:

Follow-Ups:
- Re: ip masquerade : which one?
  - From: Osamu Aoki <debian@aokiconsulting.com>
- Re: ip masquerade : which one?
  - From: Osamu Aoki <debian@aokiconsulting.com>
- Re: ip masquerade : which one?
  - From: Willi Dyck <flateric@tekilla.homeip.net>

References:
- ip masquerade : which one?
  - From: D-Man <dsh8290@rit.edu>
- Re: ip masquerade : which one?
  - From: Willi Dyck <flateric@tekilla.homeip.net>
- Re: ip masquerade : which one?
  - From: D-Man <dsh8290@rit.edu>
- Re: ip masquerade : which one?
  - From: Willi Dyck <flateric@tekilla.homeip.net>

Prev by Date: Re: debian 2.2r3 ?
Next by Date: Re: debian 2.2r3 ?
Previous by thread: Re: ip masquerade : which one?
Next by thread: Re: ip masquerade : which one?
Index(es):
- Date
- Thread