On Tue, Sep 28, 1999 at 04:10:01PM -0400, Avery Pennarun wrote:
> I think masquerading is a useful additional firewall layer. It makes it
> simply impossible to talk to hosts hidden behind the firewall unless _they_
> make the first move. Unlike traditional firewalling ("Hmm, do I really need
> to close off this port? I guess not.") it's quite difficult to screw up.
Wouldn't it be easier and prettier to set up a firewall (=ipfwadm / ipchains
/ netfilter / ??) rule to reject incoming connections to the boxen to be
protected? Surely you only want to use masq/NAT if you actually *need* to
translate addresses?
--
"downtown baby its a million to one, you can even name your poison.
standing in line by the exit sign, suicide alley is calling"
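
As an added illustration (not part of either poster's message), the toy Python model below contrasts the two approaches in this exchange: a masquerading gateway that forwards an inbound packet only when an inside host has already created a table entry, and a stateless rule that rejects connection attempts (SYN without ACK) to the protected network. All addresses, ports and names are constructed for the example; it models TCP only and is not ipfwadm, ipchains or netfilter code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PROTECTED = ip_network("198.51.100.0/24")  # constructed: routable net behind the filter
PUBLIC_IP = "203.0.113.1"                  # constructed: masquerading gateway address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


class MasqGateway:
    """Inside hosts are only reachable through entries they created themselves."""

    def __init__(self):
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.table = {}
        self.next_port = 61000

    def outbound(self, p):
        """Record the flow an inside host opened; return the public port used."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(port, p.dst, p.dport)] = (p.src, p.sport)
        return port

    def inbound(self, p):
        """Return the inside (ip, port) to forward to, or None if no entry."""
        return self.table.get((p.dport, p.src, p.sport))


def syn_reject_filter(p):
    """Stateless rule: refuse TCP connection attempts to the protected net."""
    if ip_address(p.dst) in PROTECTED and p.syn and not p.ack:
        return "REJECT"
    return "ACCEPT"  # replies, and any other non-SYN packet, pass unchecked


if __name__ == "__main__":
    gw = MasqGateway()
    port = gw.outbound(Packet("10.0.0.5", 40000, "192.0.2.7", 80, syn=True))
    print(gw.inbound(Packet("192.0.2.7", 80, PUBLIC_IP, port, syn=True, ack=True)))
    print(gw.inbound(Packet("192.0.2.9", 1234, PUBLIC_IP, port, ack=True)))
    print(syn_reject_filter(Packet("192.0.2.9", 1234, "198.51.100.5", 80, syn=True)))
    print(syn_reject_filter(Packet("192.0.2.9", 1234, "198.51.100.5", 80, ack=True)))
```

Both models stop an unsolicited connection attempt, but the stateless rule accepts a bare ACK that belongs to no connection, while the masquerading table forwards nothing it has no entry for.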