On Fri, 26 Jan 2001, billy wrote:

> Thanks for your answer

My pleasure.

[snip]

> > > if there are some problems or recommendations I must have to take.
> >
> > NAT has a bit of a problem with certain protocols such as FTP. These are
> > mostly handled by the kernel, but there may be cases with new or custom
> > protocols that are not handled yet. You ought to be aware of that.
> > Furthermore, IPsec AH-mode does not work with NAT. IPsec ESP-mode does,
> > fortunately.

> Yes I knew about the NAT problem, now what about masquerading?

Masquerading is NAT with port-translation thrown in. This enables multiple
IP addresses to be mapped to a single IP address. In 2.4 and the netfilter
and iptables documentation (at http://netfilter.kernelnotes.org/)
masquerading is also called NAPT, Network Address and Port Translation.

> I can't find any difference, but there must be, or they're the same thing?
> does masquerading have the same problem? I think so.

Yes, masquerading has the same problems.

> Now what do you refer to or mean with IPsec AH-mode and IPsec ESP-mode?

Look at the documentation for FreeS/WAN at http://www.freeswan.org/

IPsec is a protocol to do encryption and authentication of packets at the
IP-level. IPsec AH-mode provides only authentication, but authenticates
packet headers as well as their payload. This directly conflicts with NAT,
as NAT changes the packet headers. IPsec ESP-mode provides authentication
as well as encryption, but does not authenticate the outer packet's
headers, and therefore can be used over NAT-ed connections.

Doei, Arthur.

-- 
  /\    / |      arthurvl@xxxxxxxxxx      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching
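
The AH/ESP difference described in the message above, as an added example that is not part of the original post. It is a simplified model: the key, addresses, SPI and payload are constructed, the integrity tag is HMAC-SHA1 truncated to 96 bits, and real AH additionally covers its own header fields.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key, shared by both peers

def ipv4_header(src, dst, proto, body_len, ttl=64):
    # 20-byte IPv4 header; checksum left at 0 because AH zeroes it anyway
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def tag(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def covered(mode, ip_hdr, body):
    """Return the bytes the integrity check covers in each mode."""
    if mode == "esp":
        return body              # SPI, sequence number, payload only
    h = bytearray(ip_hdr)        # AH: IP header with mutable fields zeroed
    h[1] = 0                     # TOS
    h[6:8] = b"\0\0"             # flags and fragment offset
    h[8] = 0                     # TTL
    h[10:12] = b"\0\0"           # header checksum
    return bytes(h) + body       # source/destination addresses stay covered

def send(mode, src, dst):
    body = struct.pack("!II", 0x1000, 1) + b"opaque-payload"  # SPI, seq, data
    hdr = ipv4_header(src, dst, 51 if mode == "ah" else 50, len(body))
    return hdr, body, tag(covered(mode, hdr, body))

def verify(mode, hdr, body, icv):
    return hmac.compare_digest(tag(covered(mode, hdr, body)), icv)

def route(hdr):
    # Ordinary router hop: only the TTL changes
    return hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:]

def nat(hdr, new_src):
    # NAT or masquerading box: the source address is rewritten
    return hdr[:12] + socket.inet_aton(new_src) + hdr[16:]

def demo():
    results = {}
    for mode in ("ah", "esp"):
        hdr, body, icv = send(mode, "192.168.1.10", "203.0.113.5")
        results[mode, "routed"] = verify(mode, route(hdr), body, icv)
        natted = nat(route(hdr), "198.51.100.1")
        results[mode, "natted"] = verify(mode, natted, body, icv)
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "verifies" if ok else "FAILS")
```

Plain routing leaves both modes intact because the TTL is excluded from the AH check; only the address rewrite makes AH verification fail.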