> Ip Masq does just IP to IP with port translation.
> NAT means that it takes one protocol and translates it to another. Last I
> checked, Linux didn't translate IPX -> TCP/IP.
> At least, that's what #unix on efnet managed to agree to.

Interesting. You guys had better run over and tell Cisco, then.
Here, from their Frequently Asked Questions about NAT document
(found at http://www.cisco.com/warp/public/458/41.html) is their
definition of NAT:

    Q: What is NAT?
    A: Network Address Translation (NAT) is designed for IP address
    simplification and conservation, as it enables private IP
    internetworks that use nonregistered IP addresses to connect
    to the Internet. NAT operates on a router, usually connecting
    two networks together, and translates the private (not globally
    unique) addresses in the internal network into legal addresses
    before packets are forwarded onto another network. As part of
    this functionality, NAT can be configured to advertise only
    one address for the entire network to the outside world. This
    provides additional security, effectively hiding the entire
    internal network from the world behind that address. NAT has
    the dual functionality of security and address conservation,
    and is typically implemented in remote access environments.

Note that their definition even explicitly covers translation to
a single address, which Linux folks refer to as `IP Masquerading.'
Incidentally, I searched their entire website for that term and came
up with nothing; it appears that they don't use it at all.

When Cisco does need to distinguish between NAT to multiple addresses
and NAT that translates everything down to a single address (a
distinction they rarely make), they call the latter PAT, for Port
Address Translation. I believe Cisco to be the only company that
makes this distinction and uses a separate term for it.

Bay Networks explicitly says that NAT refers to translating to a
single address. On
http://support.baynetworks.com/library/tpubs/html/router/nautica/nrs41/117237AB/J_23.HTM
they say:

    Network Address Translation (NAT) is a method for translating
    an internal IP address or network into a single globally unique
    IP address.

Ascend just qualifies its use of NAT if they want to explicitly
specify one or the other. From http://www.ascend.com/faqs/50/445.html:

    Multiple IP address NAT, or one to one NAT is available in
    release 4.6ci17 or later. Single IP address, or one to many
    NAT is available in release 5.0ai16 or later. You are able to
    choose between the two methods of NAT in release 5.1a or later.

3com uses NAT to refer to translation to a single address on the page
http://support.3com.com/infodeli/tools/bridrout/oc/INTERNAT.HTM:

    With the NAT feature enabled, you can use your own private set
    of IP addresses that will be translated to the single IP address
    which gets assigned to your OfficeConnect during connection
    negotiation

A search of all three of these vendors' sites turned up no use of
the term "IP masquerading" (I actually searched for "masq*" where
I could.)

The RFCs don't make this distinction; the only mention of single-address
translation that I could find is in RFC 2391, where they say only

    NATs have traditionally been been used to allow private network
    domains to connect to Global networks using as few as one
    globally unique IP address.

So still, lacking one shred of evidence to the contrary, I'm going to
insist that "IP masquerading" is a term used only by Linux users
for a distinction not made in the outside world, and that is not
generally known to non-Linux users.

cjs
--
Curt Sampson    604-257-9400    De gustibus, aut bene aut nihil.
Any opinions expressed are mine and mine alone.
The most widely ported operating system in the world: http://www.netbsd.org