Re: [Leaf-user] internal NAT question

2002-04-26 Thread Charles Steinkuehler
> I have situations in which my vpn router is a peer to a proxy server. > The proxy server is the default gateway for the servers behind it. > > Therefore I use NAT on the internal interface to force traffic to the servers > back through the router. > > This is approximately the same thing as port

RE: [Leaf-user] internal NAT question

2002-04-26 Thread Steve Fink
Phillip, The security implications are the same as having that port on that machine exposed directly to the internet. Example: Portforwarding port 3389 ( Terminal Server ) from the firewall to port 3389 on a NT/2000 system behind the firewall. Terminal Server is

RE: [Leaf-user] internal NAT question

2002-04-26 Thread Tony
mistaken, and that port forwarding bypasses all rules. Thanks, Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink Sent: Friday, April 26, 2002 3:55 PM To: LEAF-List Subject: RE: [Leaf-user] internal NAT question Phillip, The

RE: [Leaf-user] internal NAT question

2002-04-27 Thread Steve Fink
Tony, The use of ipmasqadm portfw allows the packets to pass untouched by ipchains. Steve -Original Message- From: Tony [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 5:09 PM To: Steve Fink; LEAF-List Subject: RE: [Leaf-user] internal NAT question Would not the

RE: [Leaf-user] internal NAT question

2002-04-27 Thread Steve Fink
t: RE: [Leaf-user] internal NAT question Tony, The use of ipmasqadm portfw allows the packets to pass untouched by ipchains. Steve -Original Message- From: Tony [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 5:09 PM To: Steve Fink; LEAF-List Subject: RE: [Leaf-user] int

RE: [Leaf-user] internal NAT question

2002-04-27 Thread Tony
ssage- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink Sent: Saturday, April 27, 2002 12:46 PM To: Tony; LEAF-List Subject: RE: [Leaf-user] internal NAT question Group, Sorry for the unintentional curtness of this post I'm a bit decaffina

RE: [Leaf-user] internal NAT question

2002-04-29 Thread Phillip . Watts
EMAIL PROTECTED]>, "LEAF-List" <[EMAIL PROTECTED]> cc: (bcc: Phillip Watts/austin/Nlynx) Subject: RE: [Leaf-user] internal NAT question Oh good grief, don't apologize! I didn't take offense. I didn't realize that ipmasqadm portfw bypassed ipchains. Ac

RE: [Leaf-user] internal NAT question

2002-04-29 Thread Steve Fink
:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 7:06 AM To: Tony Cc: Steve Fink; LEAF-List Subject: RE: [Leaf-user] internal NAT question 2.4 iptables is a tool for manipulating netfilter including NAT and port forwarding. Forwarding does NOT bypass netfilter, its an integral part of it. My

Re: [Leaf-user] internal NAT question

2002-04-29 Thread Scott C. Best
Tony: Heya. Sorry for chiming in late, I had a busy weekend. :) I believe the information about ipmasqadm "bypassing" ipchains is incorrect. I've always known it to be described as: http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-4.html Some nice ascii art there. Quoting from th