Brooks Carlson wrote:

>      What is the distinction between IPCHAINS, IPTables, IP-Masquerade,
> IPFWADM and NETFILTER?
>      Am I correct in saying that the evolution of the Linux firewall was:
>      IPFWADM  ---> IPCHAINS  ---> IPTables?  

Yup.

>      Where does IP-Masquerade fit into this mix?  Under IPCHAINS I have
> rules that I can MASQ packets leaving my internet network.  Is this the
> same thing, or is IP-Masquerade a separate program?

Masquerading is a special case of NAT, or Network Address Translation.

MASQing lets you map N ip addresses (usually on a private LAN) onto a 
single IP address.  NAT lets you map N to M addresses, where 1<=M<=N.

Under ipfwadm and ipchains, MASQing, NAT and port filtering were all 
handled under different userland programs; under iptables I believe that 
it's all been rolled into a single program.  See the iptables manpage 
for instructions on both filtering and NAT.

If you stay with Linux, I recommend using iptables instead of ipchains, 
it's a big step forward over the old stuff.


>      What about netfilter?  

Don't know about this one, sorry -- no reference to it on the Linux 
boxen I have handy.


> Sorry about the stupid question, I really have tried to find the answer, but
> I want to understand this clearly before moving on.  A strong foundation
> means a more secure network.

One of the drawbacks to using Linux for stuff like this is that several 
projects have all been, at one time or another, "the way" to do 
firewalling on Linux; consider that documentation projects appear to be 
at least partially independent of the actual software development, and 
things can rapidly get confusing for the newbie.  A pet peeve of mine is 
documentation which uses words like "currently" or "newest" but doesn't 
include a date on the page, which can often lead to the erroneous 
impression that documentation for old firewalling tools actually refers 
to something you should expect to see in a current distribution.

But I digress.


> I have been up until now a Checkpoint Firewall-1 user on NT, but would
> like to switch all to Linux eventually.

You don't say why you are considering Linux, but if the idea is just to 
use a free Unix-like OS to handle your firewalling, I recommend having a 
look at OpenBSD.  Even if you don't choose to use it, their 
documentation is quite well done and can answer a lot of general 
questions in ways that will be applicable to other platforms. (See the 
networking section of the FAQ for starters, also the ipf and ipnat man 
pages, all available from the main OpenBSD web site.)



-- 
~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
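The masquerading versus NAT versus filtering split discussed in the reply above, as an added example that is not part of either poster's message: the old ipchains MASQ rule beside its iptables equivalent, an N-to-M SNAT rule that maps the LAN onto a pool of public addresses instead of one, and the forwarding filter rules that iptables keeps in a separate table of the same tool. Interface names (eth0 Internet side, eth1 LAN side), the 192.168.1.0/24 LAN and the 203.0.113.10-203.0.113.13 pool are assumptions chosen for illustration. The script prints each command and only executes it when APPLY=1 is set (and you are root), so it can be read and dry-run on any host.

```shell
#!/bin/sh
# Added example (not from the original thread): ipchains MASQ vs. iptables
# MASQUERADE/SNAT, plus the FORWARD-chain filter rules that go with them.
# Assumed topology: $WAN faces the Internet, $LAN_IF faces the private LAN.

WAN=${WAN:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
# Assumed pool of public addresses (RFC 5737 documentation range).
POOL=${POOL:-203.0.113.10-203.0.113.13}

# run: echo the command; execute it only when APPLY=1 (dry-run otherwise).
run() {
    printf '%s\n' "$*"
    [ "${APPLY:-0}" = 1 ] && "$@"
    return 0
}

# Both tools need the kernel to forward packets between interfaces.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# ipchains form: MASQ is a target on the single "forward" chain, and
# filtering of forwarded traffic lives on that same chain.
ipchains_masq_rules() {
    run ipchains -P forward DENY
    run ipchains -A forward -s "$LAN_NET" -j MASQ
}

# iptables form, N-to-1: MASQUERADE rewrites the source to whatever address
# $WAN currently has, which is why it suits dynamic (dial-up/DHCP) uplinks.
iptables_masq_rules() {
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# iptables form, N-to-M: SNAT to a range spreads the LAN across a pool of
# fixed public addresses (use this instead of, not as well as, MASQUERADE).
iptables_snat_pool_rules() {
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" \
        -j SNAT --to-source "$POOL"
}

# Filtering is separate from translation: the nat table only rewrites
# addresses, the filter table decides what may be forwarded at all.
iptables_filter_rules() {
    run iptables -P FORWARD DROP
    # LAN hosts may initiate connections outward ...
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # ... and only replies to those connections may come back in.
    run iptables -A FORWARD -i "$WAN" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Complete iptables ruleset (pick masquerade or the SNAT pool via NAT_MODE).
iptables_ruleset() {
    enable_forwarding
    iptables_filter_rules
    if [ "${NAT_MODE:-masq}" = pool ]; then
        iptables_snat_pool_rules
    else
        iptables_masq_rules
    fi
}

# Dry-run listing when invoked directly: APPLY=1 NAT_MODE=pool sh thisfile
echo '# ipchains equivalent:'
enable_forwarding
ipchains_masq_rules
echo '# iptables equivalent:'
iptables_ruleset
```

Note that the nat rule alone does nothing to stop traffic: with the FORWARD policy left at ACCEPT, a host on the Internet side could still reach the LAN through the router, so the filter rules are what actually enforce the boundary.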