Ip tables and NAT
Mike Bird
mgb-ubuntu at yosemite.net
Sat Feb 25 19:07:35 UTC 2006
On Sat, 2006-02-25 at 10:47, Mike Bird wrote:
> > > Another useful
> > > iptables feature is NAT, which is also trivial to set up with
> > > firestarter.
> >
> > Rule #1: NAT is not firewalling. I'll repeat that: NAT is not
> > firewalling. NAT on the local machine is nonsensical. NAT is by
> > definition a gateway function. Unless you are doing edge cases like
> > NATing to several virtual machines on the local box, in which case
> > you probably know enough about packet filtering to write your own
> > script
>
> It's hard to imagine a situation where NAT would be needed on
> a workstation. Nevertheless, NAT is a very effective form of
> firewalling on a gateway.
Correcting for my own failure of imagination:
A common case of workstation NAT is two or three workstations
on a home LAN, with one of them connected to the ISP.
--Mike Bird