HP3000-L Archives

October 2002, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Unknown Socket Error
From:
Dave Waroff <[log in to unmask]>
Reply To:
Dave Waroff <[log in to unmask]>
Date:
Wed, 2 Oct 2002 14:21:12 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
> -----Original Message-----
> From: Gavin Scott [mailto:[log in to unmask]]
> Sent: Wednesday, October 02, 2002 1:15 PM
> To: [log in to unmask]
> Subject: Re: Unknown Socket Error
>
>
> Wirt after me:
> > > But this fancy NAT stuff only works if the NAT implementation
> > > knows about all the protocols that you are going to use that
> > > send embedded IP Addresses in the data.
 ...
> Without the fancy data inspecting implementations, NAT is
> useless for FTP,
> DNS, and several other common protocols, so it's not NAT's
> "design concept"
> to do all this fiddling with the data passing back and forth,
> but it's a
> requirement if you wish to hide the fact that the address
> translation is
> happening.
 ...

Whether you are using netfilter (http://www.netfilter.org/),
ipfilter (http://coombs.anu.edu.au/~avalon/ip-filter.html), or
something else on your firewall, you may find usefull information
on NAT and masqerading here
(http://www.gnumonks.org/papers/netfilter-lk2000/presentation.html),
here (http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html),
or here (http://www.sns.ias.edu/~jns/security/iptables/index.html).
I've always found it cures MY insomnia.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2