[NBLUG/talk] Networking question
Kyle Rankin
kyle at nblug.org
Mon Sep 29 11:03:00 PDT 2003
On Mon, Sep 29, 2003 at 10:44:45AM -0700, Steve Johnson wrote:
> Kyle Rankin wrote:
> >On Sun, Sep 28, 2003 at 03:27:26PM -0400, Dave Sisley wrote:
>
> >Basically what you want to do is set up IP Masquerading (or possibly NAT)
>
> I always thought NAT and IP Masq were the same thing, just different
> names for the same idea.
> Can anyone explain what the difference is?
>
>
> -Steve

Here's a good in-depth description of the different types of Network
Address Translation techniques, including Masquerading:

http://www.suse.de/~mha/linux-ip-nat/diplom/node4.html#SECTION00042100000000000000

When I say "NAT" versus "Masquerading", you could read that, in these
documents, as "Static NAT" and "1:Many Dynamic NAT" or "Masquerading Dynamic
NAT".

The main difference is that Masquerading will work dynamically, taking
all incoming traffic and routing it out, making it appear to come from
whatever single IP the outgoing device (in this case ppp0) is assigned.

With static NAT, you assign all of the traffic a specific IP address. You
can even do things such as assigning certain traffic to appear to come from
one IP, and other traffic to appear to come from another. Basically, the
rules about what will happen are more strictly and statically defined. If
you have a static IP, it's better to set up a static NAT as opposed to a
Masquerading configuration.

I actually had to use this one time, because I had my web browser set to
reload Slashdot in a tab every 10 minutes. After doing this for over a
month, Slashdot started deciding this was "flooding" behaviour and banned
that specific IP. When emailing them to remove the ban resulted in no
response, I had to set up a NAT rule to specify that all traffic going to
Slashdot's subnet would appear to come from one of the other IPs that my
firewall was assigned.
--
Kyle Rankin
NBLUG President
The North Bay Linux Users Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug
kyle at nblug.org
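
The two setups described in the message above, as an added example that is not part of the original post: a shell function that emits a nat-table ruleset in `iptables-restore` format, choosing MASQUERADE when the outgoing address is dynamic and SNAT when it is static, with an optional per-destination source address. The function name and all addresses are assumptions (RFC 5737 documentation ranges); only `ppp0` comes from the thread.

```shell
#!/bin/sh
# Added example: generate a nat ruleset for iptables-restore.
# All addresses below are constructed (RFC 5737 documentation ranges).

# nat_ruleset OUT_IF [STATIC_IP [DEST_NET ALT_IP]]
#   OUT_IF     outgoing interface (ppp0 in the thread)
#   STATIC_IP  fixed public address; empty means the address is dynamic
#   DEST_NET   destination subnet that should see a different source
#   ALT_IP     another public address assigned to the firewall
nat_ruleset() {
    out_if=$1
    static_ip=${2:-}
    dest_net=${3:-}
    alt_ip=${4:-}

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'

    # Rules are checked in order and SNAT/MASQUERADE end traversal, so the
    # per-destination rule must come before the catch-all rule.
    if [ -n "$dest_net" ] && [ -n "$alt_ip" ]; then
        echo "-A POSTROUTING -o $out_if -d $dest_net -j SNAT --to-source $alt_ip"
    fi

    if [ -n "$static_ip" ]; then
        # Static NAT: the source address is fixed in the rule itself.
        echo "-A POSTROUTING -o $out_if -j SNAT --to-source $static_ip"
    else
        # Masquerading: the source is whatever address OUT_IF holds when
        # the connection is set up, which suits a dial-up link.
        echo "-A POSTROUTING -o $out_if -j MASQUERADE"
    fi
    echo 'COMMIT'
}

# Dynamic address on ppp0:
nat_ruleset ppp0
# Static address, plus one subnet that sees a second firewall address:
nat_ruleset ppp0 192.0.2.10 198.51.100.0/24 192.0.2.11
```

The output can be reviewed before it is loaded with `iptables-restore`, which needs root; the function itself only writes text.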