> -----Original Message-----
> From: Gavin Scott [mailto:[log in to unmask]]
> Sent: Wednesday, October 02, 2002 1:15 PM
> To: [log in to unmask]
> Subject: Re: Unknown Socket Error
>
>
> Wirt after me:
> > > But this fancy NAT stuff only works if the NAT implementation
> > > knows about all the protocols that you are going to use that
> > > send embedded IP Addresses in the data.
...
> Without the fancy data inspecting implementations, NAT is
> useless for FTP,
> DNS, and several other common protocols, so it's not NAT's
> "design concept"
> to do all this fiddling with the data passing back and forth,
> but it's a
> requirement if you wish to hide the fact that the address
> translation is
> happening.
...
Whether you are using netfilter (http://www.netfilter.org/),
ipfilter (http://coombs.anu.edu.au/~avalon/ip-filter.html), or
something else on your firewall, you may find usefull information
on NAT and masqerading here
(http://www.gnumonks.org/papers/netfilter-lk2000/presentation.html),
here (http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html),
or here (http://www.sns.ias.edu/~jns/security/iptables/index.html).
I've always found it cures MY insomnia.
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *