[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] OS-discussion
- Subject: Re: [cobalt-developers] OS-discussion
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Tue Mar 26 22:19:56 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
> Date: Tue, 26 Mar 2002 15:47:39 -0500
> From: Matthew Nuzum <cobalt@xxxxxxxxxxxxx>
> I believe that every router can do this, even Linux.
Yes, good point. A Windows box could theoretically do it... not
that I'd ever want to. :-)
> Also, just because you use NAT doesn't mean you can't have a
> public IP address. As a matter of fact, NAT (by literal
> definition) implies that every host behind a router has an
> addressable IP on a 1 to 1 ratio. There is no rule that your
Huh? NAT can be 1:1, 1:many, many:many, or many:1.
> ?AT router has to protect only computers with private IPs. If
> your router is the gateway router between your subnet and the
> Internet and has the ability to handle rules (aka is a
> "firewall" in addition to a router) then it shouldn't matter
> what your ip addresses are.
I think that Jeff was saying that he valued his sanity more than
to mess with port forwarding, evil DNS, and non-standard ports.
> Of course all of that is moot if you the Internet or your NAT
> users can can bypass your router. I have traditionally used
> Cisco routers for doing this kind of work. Never-the-less, I
> know that Linux can do it (in all 2.x kernels I believe) and
> I've done it with FreeBSD 3.3.
FreeBSD actually has two approaches: ipfw and ipf
OpenBSD: ipf before OBSD 2.9, pf starting with 3.0
Linux 2.0: ipfwadm
Linux 2.2: ipchains
Linux 2.4: I forget the name
I've used FBSD 3.3-4.5, OBSD 2.6-3.0, and Linux 2.0 and 2.2, as
well as IOS... not to mention little turnkey and embedded router/
firewall devices.
Many people use a cute little saying in their .signature files
that I think I'll throw in:
I route, therefore you are
:-)
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@xxxxxxxxx>, or you are likely to be blocked.