Ip tables and NAT

Peter Garrett peter.garrett at optusnet.com.au
Sun Feb 26 06:43:26 UTC 2006


On Sat, 25 Feb 2006 19:51:21 +0200
Alan McKinnon <alan at linuxholdings.co.za> wrote:

> Rule #1: NAT is not firewalling. I'll repeat that: NAT is not 
> firewalling. NAT on the local machine is nonsensical. NAT is by 
> definition a gateway function. Unless you are doing edge cases like 
> NATing to several virtual machines on the local box, in which case 
> you probably know enough about packet filtering to write your own 
> script

I was under the impression that the NAT feature in Firestarter was there
for instance for people like me who have a few machines on a LAN and want
to "share" the internet connection. I don't think of it as firewalling,
more a convenient way to share my antediluvian dialup connection ;-)

As such I find it rather useful, particularly as the modem in my iBook G4
is not supported by Linux.  The machine running Firestarter acts as gateway
for my small LAN, of course.

Re: tcp wrappers, I said...

>> Personally, since I only need ssh access from a few IPs, I prefer
>> not to have my ssh port flapping in the breeze. I therefore use
>> firestarter to leave it open only for the trusted IPs.

> Better accomplished with tcp wrappers IMHO. Doesn't have the hassles 
> that go with understanding an iptables script. 

I'm aware of tcp wrappers, and use that, for instance, in conjunction with
NFS. As Firestarter is very easy and intuitive to use, I haven't needed to
write or understand iptables scripts, so that point really doesn't apply
in my simple case.

Your posts are informative, though - thanks!

Peter
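The two approaches the thread compares, restricting ssh to a handful of trusted addresses with iptables versus with tcp wrappers, side by side. This is an added example, not code from the original thread, Firestarter or the posters; the addresses are constructed sample values (RFC 5737 documentation ranges), and the functions only print the rules and config lines for review rather than applying them.

```shell
#!/bin/sh
# Added example: generate the iptables rules and the tcp wrappers config that
# each limit ssh to a fixed list of trusted sources. Nothing here touches the
# live system; the output is meant to be reviewed first, then run (iptables)
# or written to /etc/hosts.allow and /etc/hosts.deny (tcp wrappers).

TRUSTED_IPS="192.0.2.10 198.51.100.0/24"   # constructed sample addresses

# --- iptables variant -------------------------------------------------------
# One ACCEPT per trusted source, followed by a DROP that catches every other
# connection attempt to port 22. Order matters: iptables stops at the first
# matching rule, so the DROP must come last.
iptables_ssh_rules() {
    for src in $1; do
        printf 'iptables -A INPUT -p tcp --dport 22 -s %s -j ACCEPT\n' "$src"
    done
    printf 'iptables -A INPUT -p tcp --dport 22 -j DROP\n'
}

# --- tcp wrappers variant ---------------------------------------------------
# hosts_access(5) historically expresses networks as "addr/netmask" rather
# than CIDR, so a prefix length is converted to a dotted mask (e.g. /24 ->
# 255.255.255.0). Plain host addresses pass through unchanged.
cidr_to_netmask() {
    addr=${1%/*}; bits=${1#*/}
    mask=""; i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then
            oct=255; bits=$((bits - 8))
        else
            oct=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask:+$mask.}$oct"
        i=$((i + 1))
    done
    printf '%s/%s' "$addr" "$mask"
}

# /etc/hosts.allow is consulted first and the first match wins, so listing
# the trusted sources here is what lets them in.
wrappers_hosts_allow() {
    list=""
    for src in $1; do
        case $src in
            */*) src=$(cidr_to_netmask "$src") ;;
        esac
        list="${list:+$list, }$src"
    done
    printf 'sshd: %s\n' "$list"
}

# /etc/hosts.deny is consulted only when hosts.allow did not match; without
# this line tcp wrappers falls through to its default of allowing access.
wrappers_hosts_deny() {
    printf 'sshd: ALL\n'
}

echo "# iptables rules:"
iptables_ssh_rules "$TRUSTED_IPS"
echo "# /etc/hosts.allow:"
wrappers_hosts_allow "$TRUSTED_IPS"
echo "# /etc/hosts.deny:"
wrappers_hosts_deny
```

The two mechanisms do not sit at the same layer: iptables discards the packets before sshd ever sees a connection, while tcp wrappers only takes effect for daemons linked against libwrap (or started through tcpd) and only after the TCP handshake has completed. On a gateway that forwards for a LAN, as in the setup above, the iptables rules belong on the machine's own INPUT chain and do not affect the NAT or FORWARD rules that share the connection.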
