Ask Slashdot: IP Masquerading Drawbacks?
Posted by Cliff on Sun Jul 25, 1999 08:35 PM
from the getting-it-working dept.
A Nameless Slashdotter submitted this question:
"IP Masquerading (NAT under FreeBSD) is straight from the Gods. Yet it has a few very large drawbacks, such as inability to do DCC or ICQ file transfers, or play games over the internet on one of the Masq'ed machines, even with the "irc" and "quake" masquerading modules loaded. Someone give me options to solve this problem, be it another operating system, a firewall setting, a program or setup!"
I bet you use Red Hat 6.0 (Score:4)
Solution: Create
Distributions which manually specify modules to be loaded, like Debian or (maybe) Caldera, don't have this problem. It's just distributions which try to get fancy by using the kernel-level module auto-loader that have this problem (and only under the 2.2 kernel, which removed the 2.0 kernel's timeout functionality for the auto-loader).
With the proxy modules loaded, I've never had any problems with reverse connections on FTP, Quake, etc. That's why I'm suspecting either a) you don't have them loaded, or b) Red Hat 6.0 (or Mandrake 6.0) is helpfully unloading them for you!
-E
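Why the helper modules matter for FTP reverse connections: the client's PORT command carries its private address inside the payload, so the gateway must rewrite it and then forward the one reverse connection it expects. This is an added Python sketch, not part of the comment above and not the kernel module's code; the class name, addresses and starting port are constructed for illustration.

```python
import re

# Constructed sample addresses: 192.168.1.10 is a masqueraded inside host,
# 203.0.113.5 stands in for the gateway's public address.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


class FtpMasqHelper:
    """Toy model of what an FTP masquerading helper does on the control channel."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.expected = {}  # external port -> (inside ip, inside port)

    def outbound(self, line):
        """Rewrite an outgoing PORT command; pass everything else unchanged."""
        m = PORT_RE.match(line)
        if not m:
            return line
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return line  # malformed: leave it for the server to reject
        inside_ip = ".".join(str(n) for n in nums[:4])
        inside_port = nums[4] * 256 + nums[5]
        ext_port = self.next_port
        self.next_port += 1
        # Remember where the server's reverse connection must be forwarded.
        self.expected[ext_port] = (inside_ip, inside_port)
        host = self.public_ip.replace(".", ",").encode()
        return b"PORT %s,%d,%d\r\n" % (host, ext_port >> 8, ext_port & 0xFF)

    def inbound(self, ext_port):
        """Return the inside (ip, port) for a reverse connection, or None to drop."""
        # pop() makes each expectation single-use; unknown ports are never forwarded.
        return self.expected.pop(ext_port, None)
```

Without the helper loaded, the PORT line leaves the gateway unmodified and the server tries to connect back to an unroutable private address, which is the failure the comment describes.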
NAT Problem Workarounds (Score:4)
I have seen a few comments about how evil NAT is. I wholly agree. But it has its benefits.
Being able to have any number of IP's that are needed to complete one's network without having to go through the hassle of paying for an IP space is the one at the top of my list for one... Though:
For ease of use I would recommend FreeBSD, it has a better suite for NAT (no flames yet please... read the rest.) And my statistics for the box actually say that FreeBSD is faster for doing the networking. (non professional... just watching the D/L rates.)
For functionality I would highly recommend Linux, as it has a much better plug in system for the Masq modules.
I have used both. And had much success with both. But the one thing I will HIGHLY recommend for both operating system platforms is socks5. Most applications are somewhat aware of it, and those that are not can be made aware with some library tricks. I use ICQ and AIM on a Windows box behind my firewall with little to no problems at all. The only problem that I see is that sometimes incoming messages are a little slow (have yet to figure that one out, but I'm sure it's a configuration error).
The only other thing that may cause problems is if you are using dynamic dialup. Secure web sites sometimes complain about an invalid reverse name lookup.
I have been happily using a NAT based firewall for about 2 years now, both Linux and FreeBSD. I prefer FreeBSD for the networking speed, but that is wholly my personal opinion.
Masquerade resources (Score:5)
You can find information there on getting just about any application working with masquerading.
Re:You need a specialised setup for each app (Score:4)
Check out my "howto" on portfw'ing:
http://www.gargoyle.dyndns.org/linux/portfw-tut
anyway, the webserver itself is behind the IPmasq
How I Do It on Linux (Score:5)
which returns:
Then I (as root):
This adds the ability to do ftp from a masq't machine, or does for me. There are other protocols, such as for RealAudio. Grepping on "masq" will find 'em.
Ie:
I'm not sure that the loaded module persists if it isn't called for a while. There are parameters governing this sort of thing. You can also add the line to your
Looking forward to seeing other solutions! (Far as I can tell, I'm first post.)
Anyway, gives you a place to manpage if nothing else....
-K