by
Nope. Cisco's NAT is (normally 1-to-1) substitution of IP-s, asQuote:>Just one quick question about IP Masq. From what I can gather, IP
>Masquerade is basically the same thing as cisco's implimentation of
>NAT.
in RFC 1631. Linux Masquerading substitutes all IP-s with that
of the gateway machine, but changes the port to one in the
60K-64K range; it is only used for "ported" protocols, i.e.
TCP and UDP. (It can also recognize ICMP replies to TCP and
UDP packets and redirect them accordingly.) Cisco's NAT also
has "IP overloading" which is similar to Linux Masquerading.
No, AFAIK. I find this rather surprising, since the code forQuote:>The one thing I haven't seen is this: Can IP Masquerade assign
>a group of "real" IP addresses to accomodate higher usage?
"real" NAT would be very similar to that already existing for
Masquerading. Maybe somthing in this direction has been done
in 2.1.X kernels, does anybody know ?
Comments.
(1) Maybe the reason for that is that the code has in fact
been ported from another implementation. (BSD ?)
(2) A German student has written some NAT code for Linux,
but it is completely unrelated to Firewalling/Masquerading,
and I understand that it is essentially alpha, so it does not
seem a good idea.
(3) Note that I've never used Linux Masquerading nor Cisco
NAT :)
RB
Quote:>The reason
>I ask is with cisco, you can assign a range of IP addresses to be
>translated to instead of just using the IP address of the router.
>My only immediate needs for IP Masq. is for a small network at home
>consisting of no more than 1-2 users so if it can't, it's not a big
>deal right now.