On Sun, Sep 26, 1999 at 06:14:53PM -0400, Andriy Luchkovsky wrote:
> Can somebody explain to me the difference b/w diald and IPChains
>
> What I understand is this:
> IPChains set proper firewall (including masq) rules to allow packets to
> either go thru or not and possibly masquerade themselves(packets) under
> another IP address of the Linux box that will actually send them.
> IPChains will not do any dialing for you, so you have to manually bring the
> link up (using pppd dialer for example).
Correct.
> It is IPChains that will modify routing tables for me, establishing routes
> necessary to deliver packets and setting kernel for masquerading if I
> request so.
No. IPChains does not deal with any routing. It does, however, deal
with the masquerading, in addition to the previously mentioned functions
it serves.
> Now diald comes in and here I get confused. Diald will establish proxy to a
> fake IP address and monitor it, if any packets are destined to that fake
> address, then diald will dial and establish the link and route packets thru
> physical link. Question: how will any packets be destined for this fake IP
> address, who will initiate them, since nobody but diald knows of its
> existence?
Diald establishes the proxy interface as the default interface. The
default interface is the interface to which packets get sent when no
other interface matches the packet's destination IP/network.
> (Or will diald intercept any packets that are destined out of the local
> subnet and diald itself will put them onto the proxy?)
No. The kernel hands the packets to diald.
> Is diald working on top of masquerading or instead?
Diald is working at a differnt level from the firewall. The firewall
looks at all packets so it can figure out whether to allow them in or out
and also whether to masquerade them. Diald looks at packets that arrive
at the interface it is monitoring so it knows when to dial.
They serve different purposes.
--
Gyepi Sam --+-- Designer/Programmer --+-- Network/System Administrator
[EMAIL PROTECTED] --+-- http://www.praxis-sw.com/gyepi
And that's the way it is... -- Walter Cronkite
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
