RE: [fw-wiz] Non-NAT Firewall

From: Paul Melson (pmelson_at_gmail.com)
Date: 11/10/05

    To: <nathaniel.d.hall@gmail.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 10 Nov 2005 16:20:23 -0500
    
    

    -----Original Message-----
    Subject: [fw-wiz] Non-NAT Firewall

    > Now, for my problem. I would like to be able to have the same functionality using
    > NetFilter, but I have not been able to figure out how to do this without masquerading or
    > using DNAT and SNAT. Any ideas?

    What's to know? iptables will work "out-of-the-box" without NAT. Just use
    -i ethXX in your rules to specify which interface they're arriving on (or
    don't, it will work without it, but it may be possible to spoof traffic
    through the ruleset then).

    PaulM

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
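
The NAT-free, interface-bound setup the reply describes, as an added example that is not part of the original message. The interface names (eth0 outside, eth1 inside), the 192.0.2.0/24 inside network, the 192.0.2.10 web host and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): a routed, NAT-free ruleset
# in iptables-restore format. Assumed names: eth0 = outside, eth1 = inside,
# 192.0.2.0/24 = inside network (documentation range), 192.0.2.10 = web host.

emit_ruleset() {
    ext_if=$1; int_if=$2; int_net=$3; web_host=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: inside sources may only arrive on the inside interface.
-A FORWARD -i $ext_if -s $int_net -j DROP
-A FORWARD -i $int_if ! -s $int_net -j DROP
# Replies to connections that an interface-bound rule below already admitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted only on the interface they should arrive on.
-A FORWARD -i $int_if -o $ext_if -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -d $web_host -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# The firewall host itself: loopback, replies, and SSH from the inside only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $int_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Count rules that accept NEW connections without naming an input interface;
# these are the ones the reply warns could be reached by spoofed traffic.
count_unbound_new_rules() {
    awk '/-j ACCEPT/ && /--ctstate NEW/ && !/ -i / { n++ } END { print n + 0 }'
}

# No *nat table is emitted: packets are routed with their addresses unchanged.
emit_ruleset eth0 eth1 192.0.2.0/24 192.0.2.10
```

To validate the output without applying it, pipe it to `iptables-restore --test` as root; routing between the interfaces also requires `net.ipv4.ip_forward=1`.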

