Stan Kaufman <[EMAIL PROTECTED]> wrote:

| Then in the rules for the External interface, only certain ports appear
| to be let back in. I presume that the second and third rules with
| destination ports 61000:65095 are for returning masqueraded packets, eh?

right

| This example doesn't make clear to me what happens to packets from the
| Internal network when they're jumped to MASQ. Do they get a new port (in
| the range 61000:65095) in addition to the masqueraded ip address so that
| when they come back they get past the Bad interface to get
| demasqueraded?

yes

| Or do they just go around the Bad interface because in
| some other fashion they're identified as masqueraded packets through
| something MASQ does?

as you masquerade all sent packets, you should only receive masqueraded
packets. Only port range identifies these packets.

Too bad this mechanism could not be applied for a standalone system:
packets are not forwarded.

--
o-o [EMAIL PROTECTED] (Michel Verdier)
http://www.chez.com/mverdier
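
The port-range behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not kernel or ipchains code) of how a masqueraded packet gets a source port in 61000:65095 and how a reply is matched back. The addresses, class name and method names are constructed for illustration.

```python
# Simplified model of port-based masquerading (added example, not kernel code).
MASQ_PORTS = range(61000, 65096)   # 61000:65095 inclusive, the range in the rules discussed
FW_EXT_IP = "203.0.113.1"          # constructed external address of the firewall


class Masquerader:
    def __init__(self):
        # masq port -> (internal ip, internal port, remote ip, remote port)
        self.table = {}
        self._next = MASQ_PORTS.start

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a forwarded packet from the internal network."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for port, entry in self.table.items():
            if entry == flow:                  # existing flow keeps its port
                return (FW_EXT_IP, port, dst_ip, dst_port)
        if self._next not in MASQ_PORTS:
            raise RuntimeError("masquerade port range exhausted")
        port, self._next = self._next, self._next + 1
        self.table[port] = flow
        return (FW_EXT_IP, port, dst_ip, dst_port)

    @staticmethod
    def external_input_accepts(dst_port):
        """External-interface input rule: only the destination port range is checked."""
        return dst_port in MASQ_PORTS

    def inbound(self, src_ip, src_port, dst_port):
        """Return the demasqueraded packet, or None if filtered or no entry matches."""
        if not self.external_input_accepts(dst_port):
            return None                        # outside 61000:65095, rule does not match
        entry = self.table.get(dst_port)
        if entry is None or entry[2:] != (src_ip, src_port):
            return None                        # passed the port rule, but nothing to demasquerade
        int_ip, int_port = entry[:2]
        return (src_ip, src_port, int_ip, int_port)
```

The input rule alone accepts any packet addressed to the range; only the lookup in the masquerade table ties a reply to an internal host.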