> > Just something that cropped up in another group recently - how accurate is
> > it to say that masquerading is
> > a) NAT
> > b) a form (subset) of NAT
> > c) a close cousin of NAT
> > ?
> > I'm thinking particularly of a contrast with, e.g. tunnelvision from
> > worldvisions.ca, which takes a LAN and uses ethertap to 'convert' it to a
> > single-port TCP connection and unpacks it at the other end.
> Haven't heard of that one. It probably is meant to tunnel a private
> network through the Internet?
Yep. Exactly what I used it for, and it's as simple as:
# tunnelv 9999 # listener
# tunnelv remotebox 9999 # client
so you only have one port to forward through ssh if you want.[i]
> And yes, there are many interpretations of NAT. AFAIK, Cisco have a form
> of NAT which on demand dynamically maps a pool of Internet addresses to a
> much larger pool of hosts in a private subnet. By that definition, Linux
> IP masquerading would only be a small subset of NAT.
Right. Fair does :)
> I am just taking the liberty of interpreting NAT literally -- and Linux
> IP masquerading *does* Network Address Translation, even if it's all
> through a single Internet IP address. :)
Yeah, I was thinking of something that takes "a network" and "translates"
it (or encapsulates, for that matter, same difference) - it can happen in
one or two different ways. It's a 1-way (many-to-1) system (at least
ideally) anyway. In my ignorance I tend to settle for somewhere between
options "b" and "c" above, myself :)
[i] [home with masquerading firewall]-->ssh-->[box 1]-->-ssh-->[network2]
ie double-bounce with ssh. That's suitably secure... and perverse ;)
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills, | http://piglet.is.dreaming.org/