On Mon, Apr 16, 2001 at 07:07:40PM -0400, D-Man wrote: > This doesn't quite answer my question, but it might be heading in the > right direction. I want to know the difference between ipchains and > ipmasq. Would I be correct if I said : > Firewalling and Masquerading are 2 different things, handled by 2 > different apps, and I want both ipchains and ipmasq?
No, you don't want to have both. Ipmasq is the short form of IP-Masquerade and can be handeld by both, ipchains and iptables. Masquerading, or simply MASQ, (used in FORWARD chains) is one of the three chains which are handeld by ipchains. The other two, as you probably know, are the INPUT and the OUTPUT chains. INPUT chain-rules decide what to do with incoming ip-pakets, OUPUT chain-rules decide what to do with outgoing ip-pakets. The FORWARD chain-rules (with MASQ as their target Flag) are masquerading internal LAN-IP's with the one connected to the "outside". Actually iptables now have two new chains called POSTROUTING and PREROUTING, but this is way OT, I think :) Deciding what to do with incoming and outgoing ip-pakets is called "Firewalling". Masquerading allows a LAN without a "real" IP to connect to the "outside". > The line : > MASQ is now MASQUERADE > seems to indicate that ipchains and iptables both handle masquerading. That's right. > If that is true, how does the ipmasq package fit in with this? I'm not quite sure, but ipmasq depends on either ipfwadm or ipchains or iptables, depends on what you decide to use. It includes modules which initialize IP Masquerading for use as a Firewall. Hope this doesn't confuse you too much, but helpes. MfG, Willi -- ...is a registered (#210445) user of:####Debian 2.2r2 GNU/Linux icq# 49564994###AIM: wdyck###########GnuPG-Key: 1024D/8BFCA69B Fingerprint: DAD2 E564 B725 E6A3 5A0F 1497 4411 F30F 8BFC A69B
