> > so you configure NAT to map the 10.* class to a global address (1.2.3.10
> > for example).
> 
> This is where my comment about "modern nat" and Linux's IP masquerading in
> particular comes in.  In Linux, with masquerading, these mappings are not
> done on a multi-multi address mapping basis, they are made on a
> multi-(source IP + port) to a single source IP with a dynamic port.  To
> 
I, too, object to your use of the word 'modern' in this context, as it has a
certain positive ring to it that is not justified, IMHO. Linux IP
Masquerading in 2.2 kernels is, in fact, a very limited NAT implementation
in that it can only perform n:1 NAT via port translation. It cannot perform
the other NAT modes mentioned on the list such as m:m or m:n NAT, at least
not dynamically. Static applications might work by assigning further IP
addresses to the output interface and making use of iproute2, but you can't
avoid the port translation.

The NAT options in the 2.4 kernel's netfilter code are very much nicer.

Cheers,
Tobias
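
Added example, not part of the original message and not Linux kernel code: a toy Python model contrasting n:1 NAT via port translation (masquerading) with static 1:1 (m:m) NAT, to show why masquerading cannot avoid rewriting the source port. The class names, the inside addresses 10.0.0.5 and 10.0.0.6, the second public address 1.2.3.11 and the port range are assumptions made for illustration.

```python
"""Toy model: n:1 NAT with port translation vs. static 1:1 NAT.
Simplified: keyed on (src_ip, src_port) only; real connection tracking
also keys on protocol and destination."""


class Masquerade:
    """n:1 NAT: every inside flow leaves with the single public address
    and a dynamically allocated source port."""

    def __init__(self, public_ip, first_port=61000, last_port=65095):
        # Port range is a constructed value for this example.
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))
        self.out = {}    # (inside_ip, inside_port) -> public port
        self.back = {}   # public port -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def translate_in(self, dst_port):
        # A reply is only deliverable if an outbound flow created the entry;
        # unsolicited inbound packets find no mapping and return None.
        return self.back.get(dst_port)


class StaticNat:
    """1:1 (m:m) NAT: each inside address has its own public address,
    so source ports pass through unchanged."""

    def __init__(self, mapping):
        self.mapping = dict(mapping)
        self.reverse = {pub: inside for inside, pub in self.mapping.items()}

    def translate_out(self, src_ip, src_port):
        return self.mapping[src_ip], src_port

    def translate_in(self, dst_ip, dst_port):
        inside = self.reverse.get(dst_ip)
        return (inside, dst_port) if inside else None
```

With two inside hosts that both pick source port 1025, the masquerading model has to hand out two different public ports on 1.2.3.10, while the static model keeps port 1025 on two different public addresses.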
