[LARTC] I need some advice.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arthur van Leeuwen arthurvl@sci.kun.nl
To: lartc@vger.kernel.org
Subject: [LARTC] I need some advice.
Date: Sat, 27 Jan 2001 11:15:55 +0000	[thread overview]
Message-ID: <marc-lartc-98373940416919@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98373940416914@msgid-missing>

<PRE>On Fri, 26 Jan 2001, billy wrote:

&gt;<i> Thanks fore your answer
</I>
My pleasure.

[snip]

&gt;<i> &gt; &gt; if there are some problems or recomandations I must have to take.
</I>&gt;<i> &gt;
</I>&gt;<i> &gt; NAT has a bit of a problem with certain protocols such as FTP. These are
</I>&gt;<i> &gt; mostly handled by the kernel, but there may be cases with new or custom
</I>&gt;<i> &gt; protocols that are not handled yet. You ought to be aware of that.
</I>&gt;<i> &gt; Furthermore, IPsec AH-mode does not work with NAT. IPsec ESP-mode does,
</I>&gt;<i> &gt; fortunately.
</I>
&gt;<i> Yes I new about the NAT problem, now what about masquerading?
</I>
Masquerading is NAT with port-translation thrown in. This enables multiple
IP addresses to be mapped to a single IP address. In 2.4 and the netfilter
and iptables documentation (at <A HREF="http://netfilter.kernelnotes.org/">http://netfilter.kernelnotes.org/</A>)
masquerading is also called NAPT, Network Address and Port Translation.

&gt;<i> I can't find any diference, but there must be, or there the same thing?
</I>&gt;<i> does masquerading have the same problem? I think so.
</I>
Yes, masquerading has the same problems.

&gt;<i> know what do you refer or meen with IPsec AH-mode and IPsec ESP-mode?
</I>
Look at the documentation for FreeS/WAN at <A HREF="http://www.freeswan.org/">http://www.freeswan.org/</A>

IPsec is a protocol to do encryption and authentication of packets at the
IP-level. IPsec AH-mode provides only authentication, but authenticates
packet headers as well as their payload. This directly conflicts with NAT,
as NAT changes the packet headers. IPsec ESP-mode provides authentication as
well as encryption, but does not authenticate the outer packet's headers,
and therefore can be used over NAT-ed conections.

Doei, Arthur.

-- 
  /\    / |      <A HREF="mailto:arthurvl@sci.kun.nl">arthurvl@sci.kun.nl</A>      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

</PRE>

     prev parent reply	other threads:[~2001-01-27 11:15 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-01-25 17:43 [LARTC] I need some advice billy
2001-01-26 10:26 ` Arthur
2001-01-26 18:34 ` billy
2001-01-27 11:15 ` Arthur [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-98373940416919@msgid-missing \
    --to=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.