[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: Re[2]: ipchains question

From: Agustin Navarro <anavarro vip eniac com>
To: "Ze'ev Ionis" <zionis interlog com>
Cc: redhat-list redhat com
Subject: RE: Re[2]: ipchains question
Date: Tue, 7 Sep 1999 19:36:23 -0400 (VET)

On Mon, 6 Sep 1999, Ze'ev Ionis wrote:

> What other masq modules are there besides ip_masq_ftp?  I also had to
> manually load this module, and it made the ftp service work smoothly, but it
> also made me wonder why I needed it?  How is the functionality it provides
> different from what is already in the ip masquerading modules - that is, why
> is it a separate module?
> 

Normal TCP/IP packets have the source ip number and the destination ip number on
the header. When you use masq., the source ip number of the header is replaced
by the masquerade server.

As part of the active FTP PROTOCOL, some of this information is moved to the
data portion of the packet. So the module just scans the data portion of packets
from the FTP protocol to pick up the source/destination ip numbers and make the
appropriate masquerade.

The same thing happens with other protocols. So you need a module for each of
then.

Check the IP-MASQUERADE MINIHOWTO

There are several modules depending on your kernel. Check
/lib/modules/linux-2.2.???/ipv4/

Agustin

 -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Agustin Navarro P.
anavarro vip eniac com
58.2.9630746

References:
- RE: Re[2]: ipchains question
  - From: Ze'ev Ionis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]