Firewall masquerading


Post by Ronald Carlso » Sat, 27 Jul 2002 23:02:01



Hello everybody,
I needed some help from you setting up a masquerading for a PPP connection.
I know it's possible to enable masquerading from within ppp.conf, but I was
wondering if it was also possible to set ipfw rules to achieve the same
result "à la" linux...

Can you help me posting the necessary commands to bring up these rules? Are
there any advantages/disadvantages compared to what I'd get from the pppd
capabilities?

Thanx!

 
 
 


Post by Loki » Sat, 27 Jul 2002 23:11:44



> I needed some help from you setting up a masquerading for a PPP connection.
> I know it's possible to enable masquerading from within ppp.conf, but I was
> wondering if it was also possible to set ipfw rules to achieve the same
> result "à la" linux...

Well, sort of.

You have to set up ipfw with divert IIRC.

> Can you help me posting the necessary commands to bring up these rules? Are
> there any advantages/disadvantages compared to what I'd get from the pppd
> capabilities?

BSDers usually call it NAT, for Network Address Translation.

There are no real benefits to doing it through ipfw, except that ipfw
executes at the kernel level and thus the NAT code works at the kernel
level. Some believe this to be an advantage, others claim it is a
disadvantage.

It's certainly way easier to just do it inside ppp, unless of course you're
running without ppp (for example, you have a cablemodem with a DHCP
connection).
--
The truth speaks for itself. I'm just a messenger.

                --- Lyta Alexander
                    "Babylon 5: Between the Darkness and the Light"
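
The ipfw-with-divert setup mentioned in the reply above, as an added example that is not part of the original thread. It assumes the external interface is tun0, a kernel built with IPFIREWALL and IPDIVERT, and natd already running; the function names are hypothetical helpers.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions:
#   - external interface is tun0 (user-mode ppp)
#   - kernel built with "options IPFIREWALL" and "options IPDIVERT"
#   - IP forwarding is on (gateway_enable="YES" in /etc/rc.conf)
#   - natd is running as: natd -dynamic -interface tun0
# nat_rules and divert_precedes_allow are hypothetical helper names.

# Print the ipfw commands for a NAT gateway on the given external interface.
# The catch-all allow keeps the rule set short; tighten it for real use.
nat_rules() {
    ext_if="$1"
    cat <<EOF
ipfw -q -f flush
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 divert natd ip from any to any via ${ext_if}
ipfw -q add 300 allow ip from any to any
EOF
}

# Read ipfw commands on stdin and succeed only if the divert rule is numbered
# below the first non-loopback allow rule. ipfw evaluates rules in numeric
# order, so a packet accepted earlier never reaches natd and is forwarded
# with its private source address intact.
divert_precedes_allow() {
    awk '
        $4 ~ /^[0-9]+$/ && $5 == "divert" && !d { d = $4 }
        $4 ~ /^[0-9]+$/ && $5 == "allow" && $0 !~ /via lo0/ && !a { a = $4 }
        END { exit !(d && a && d + 0 < a + 0) }
    '
}

# Print the rules by default; load them only when explicitly asked
# (requires root on the FreeBSD gateway).
if [ "${APPLY_RULES:-0}" = "1" ]; then
    nat_rules "${EXT_IF:-tun0}" | sh
else
    nat_rules "${EXT_IF:-tun0}"
fi
```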

 
 
 


Post by Joshua Le » Sun, 28 Jul 2002 07:16:39



> I needed some help from you setting up a masquerading for a PPP connection.
> I know it's possible to enable masquerading from within ppp.conf, but I was
> wondering if it was also possible to set ipfw rules to achieve the same
> result "à la" linux...

/usr/share/doc/en_US.ISO8859-1/articles/dialup-firewall/index.html

Or the equivalent on the www.freebsd.org website.

 
 
 


Post by Dave Pimlot » Tue, 30 Jul 2002 19:16:46



> > Can you help me posting the necessary commands to bring up these rules? Are
> > there any advantages/disadvantages compared to what I'd get from the pppd
> > capabilities?

> BSDers usually call it NAT, for Network Address Translation.

and anyone else who knows networking...

a bit OT: but why did the linux people call their NAT stuff
'IP-masquerading'?!?
was it just to be different?

Dave Pimlott.

 
 
 


Post by Ronald Carlso » Tue, 30 Jul 2002 21:20:26


> and anyone else who knows networking...

IP Masquerade, called "IPMASQ" or "MASQ" for short, is a form of Network
Address Translation (NAT) which allows internally connected computers that
do not have one or more registered Internet IP addresses to communicate to
the Internet.
 
 
 


Post by Dave Pimlot » Tue, 30 Jul 2002 23:15:23



> IP Masquerade, called "IPMASQ" or "MASQ" for short, is a form of Network
> Address Translation (NAT) which allows internally connected computers that
> do not have one or more registered Internet IP addresses to communicate to
> the Internet.

sorry - not sure I understood you... isn't this exactly what NAT does?
or is 'MASQ' a sub-set of NAT?

FWIW I have used NAT/PAT extensively both at work and at home, and am
pretty comfortable with TCP/IP in general (just not linux...)

Dave Pimlott.