Re: NAT & IP Masq.

Mon, 22 May 2000 10:02:21 -0700 

On Mon, 22 May 2000, mcmahoncpa wrote:

>  The point i was trying to make was regarding the one-to-many model that
> proxies employ and as part of the security model the proxy process will
> translate the ip address of any inside host to a single "outside" ip
> address.    IP masquarading has been "casually" used to reflect this
> behavoir.   However, I agree with your point that the ip masq name evolved
> from Linux and technically should be referred to as a Linux capability.
> Thanks for the clarification.

Understood, my point is that proxies are not really NAT, but more
redirection, as is dowene with ports and services, yes?

Thanks,

Ron DuFresne

> 
> /bob mcm
> 
> Ron DuFresne wrote:
> 
> > On Mon, 22 May 2000, Robert McMahon wrote:
> >
> >         [SNIP]
> >
> > > I would also say that the reason for employing NAT is not the same as
> > > employing ip masq.  I don't believe NAT was designed to be a security
> > > mechanism, while ip masq was (as part of the proxy function).
> > >
> >
> > I do not think proxies require ipmasq, which, if I understand this, is a
> > linux implementation only.  And basiacally NAT/IPmasq is not a security
> > solution as proxies are, unless security through obscurity has become
> > functiuonally validated.
> >
> > Thanks,
> >
> > Ron DuFresne
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> >         ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
> 
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to