VanLUG Email Archive
> But will NAT do the type of mapping whereby the traffic from multiple
> hosts is made to appear to come from the translating host, and
> the reverse traffic is disambiguated on its port numbers? If not, then
> it's not a true superset of masquerading.
ipfilter will do that, yes.
> Also, how does it deal with tricky protocols like FTP? What's its equivalent of
> the ``helper modules''?
I don't know off hand; I've never investigated it closely. I'm
pretty sure it does do proper translation for ftp in passive mode,
but I'm not sure what else it offers.
I keep my systems behind my NAT machine heavily firewalled; I let
out almost nothing but ssh. Everything else is done through proxies.
Anything that needs full access simply goes outside the firewall.
cjs
-- Curt Sampson <
> 604-257-9400 De gustibus, aut bene aut nihil. Any opinions expressed are mine and mine alone. The most widely ported operating system in the world: http://www.netbsd.org