IP Masquerading question

Kevin Buettner kev@primenet.com
Thu, 28 Sep 2000 16:21:09 -0700


In that case, either the IP-Masquerade-HOWTO or the IPCHAINS-HOWTO
should tell you what you need.  See either

  http://www.redhat.com/mirrors/LDP/HOWTO/IP-Masquerade-HOWTO.html

or

  http://www.redhat.com/mirrors/LDP/HOWTO/IPCHAINS-HOWTO.html

Basically the IP Masquerading mechanism works by mapping an address
and port number from your internal network to the (single) external
firewall address and (a different) port number.  Thus all traffic from
your internal network appears to be coming from a single IP address. 
The kernel on your firewall is responsible for keeping track of these
mappings and knows where to send the return packets.  (Note that some
rewriting of the packet headers is required.)

Note that this mechanism will only work for relatively small internal
networks.  (Up to perhaps several hundred machines.) If you have too
many connections to the outside simultaneously, the firewall will run
out of port numbers to use.

Hope this helps.

Kevin

On Sep 28,  3:49pm, David Demland wrote:
> Subject: RE: IP Masquerading question
> Kevin,
> 
> In this case it will be a one to many.
> 
> Thank You,
> 
> David Demland
> Qa/Testing Manager
> CADTEL Systems, Inc.
> 11201 N. Tatum Ste. 200
> Phoenix, AZ 85028
> (602) 953-4888
> Fax: (602) 953-4833
> ddemland@cadtel.com
> 
> -----Original Message-----
> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Kevin
> Buettner
> Sent: Thursday, September 28, 2000 12:04 PM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: IP Masquerading question
> 
> 
> On Sep 28, 11:20am, David Demland wrote:
> 
> > I am learning about IP Masquerading so I do not know a lot about it yet. My
> > question: Can I Masquerade an IP on my internal network to a whole different
> > IP once it goes through the firewall and if so how?
> 
> Do you want a one-to-one mapping or a many-to-one mapping?  Linux is
> capable of doing either one, but it'll save time if we know which one
> you want.
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
> to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>-- End of excerpt from David Demland
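
The many-to-one mapping described in the message above, as an added example that is not part of the original post: a toy model of the table a masquerading firewall keeps, showing the outbound rewrite, the return-packet lookup and what happens when the external port pool runs out. `MasqTable`, the addresses and the three-port pool are constructed for illustration; a real kernel also tracks the remote endpoint and mapping timeouts.

```python
# Added illustration: toy model of a many-to-one masquerade (NAPT) table.
# MasqTable, the addresses and the port pool are constructed, not kernel code.

class PortsExhausted(Exception):
    """Raised when no external port is free for a new mapping."""

class MasqTable:
    def __init__(self, external_ip, port_range):
        self.external_ip = external_ip
        self.free_ports = list(port_range)  # external ports still available
        self.out = {}    # (proto, internal_ip, internal_port) -> external_port
        self.back = {}   # (proto, external_port) -> (internal_ip, internal_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing packet, reusing an existing mapping."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free_ports:
                raise PortsExhausted("no free port for %s:%d" % (src_ip, src_port))
            ext_port = self.free_ports.pop(0)
            self.out[key] = ext_port
            self.back[(proto, ext_port)] = (src_ip, src_port)
        return (self.external_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Return the internal endpoint for a reply, or None if unmapped (drop)."""
        return self.back.get((proto, dst_port))

    def expire(self, proto, src_ip, src_port):
        """Drop a mapping (e.g. on timeout) and return its port to the pool."""
        ext_port = self.out.pop((proto, src_ip, src_port), None)
        if ext_port is not None:
            del self.back[(proto, ext_port)]
            self.free_ports.append(ext_port)

def demo():
    # Constructed sample: a three-port pool so exhaustion is easy to see.
    table = MasqTable("203.0.113.1", range(61000, 61003))
    results = [table.outbound("tcp", "192.168.1.%d" % h, 1025) for h in (10, 11, 12)]
    try:
        table.outbound("tcp", "192.168.1.13", 1025)  # fourth host, no port left
        exhausted = False
    except PortsExhausted:
        exhausted = True
    return table, results, exhausted

if __name__ == "__main__":
    table, results, exhausted = demo()
    print(results, table.inbound("tcp", 61001), exhausted)
```

Unmapped inbound ports return `None`, which is why hosts behind the firewall are not reachable from outside unless they opened the connection first.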