Re: NAT - Network Address Translation
From: Ian Gregory (I.H.Gregory@herts.ac.uk)Date: 06/14/02
- Next message: sakky: "Hashed PW's more secure than encrypted PW's?"
- Previous message: Barry Margolin: "Re: Readonly FTP user"
- In reply to: Barry Margolin: "Re: NAT - Network Address Translation"
- Next in thread: Bernd Eckenfels: "Re: NAT - Network Address Translation"
- Reply: Bernd Eckenfels: "Re: NAT - Network Address Translation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: I.H.Gregory@herts.ac.uk (Ian Gregory) Date: 14 Jun 2002 16:37:23 GMT
In article <34oO8.8$Pd6.151@paloalto-snr1.gtei.net>, Barry Margolin wrote:
>In article <slrnagj085.b13.news@news.jors.net>,
>Juergen P. Meier <news-reply@jors.net> wrote:
>>A router that performs NAT does this inside the NAT code. He probably
>>uses some tables that tell it what to NAT and how.
>
>Exactly. Distinguishing between the operations that are done in the
>"routing table" and those that are done in "with an[sic] daemon" is
>inappropriate when we're talking about NATs in general, not specific
>implementations.
>
>The fact that Bernd Eckenfels felt it necessary to bring that up made me
>think that he was referring to something other than generic NATs.
Fair enough. My own contribution to this thread was from the point
of view of someone running IP Filter (on Solaris 8) where there is
a "fastroute" keyword. Note the following passage from the HOWTO
(when talking about the use of fastroute to bypass the IP stack
and avoid a TTL decrement);
"It should be noted, however, that most Unix kernels (and certainly
the ones that ipfilter runs on) have far more eficient routing code
than what exists in ipfilter, and this keyword should not be thought
of as a way to improve the operating speed of your firewall, and
should only be used in places where stealth is an issue."
This is what lead me to make a mental distinction between routing
(kernel) and natting (ipfilter). It is possible that it is not
relevent to generic NATs.
-- Ian Gregory Systems and Applications Manager Learning and Information Services University of Hertfordshire
- Next message: sakky: "Hashed PW's more secure than encrypted PW's?"
- Previous message: Barry Margolin: "Re: Readonly FTP user"
- In reply to: Barry Margolin: "Re: NAT - Network Address Translation"
- Next in thread: Bernd Eckenfels: "Re: NAT - Network Address Translation"
- Reply: Bernd Eckenfels: "Re: NAT - Network Address Translation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
