Re: Ip tables and NAT
Sat, 25 Feb 2006 11:07:35 -0800
On Sat, 2006-02-25 at 10:47, Mike Bird wrote:
> > > Another useful
> > > iptables feature is NAT, which is also trivial to set up with
> > > firestarter.
> > Rule #1: NAT is not firewalling. I'll repeat that: NAT is not
> > firewalling. NAT on the local machine is nonsensical. NAT is by
> > definition a gateway function. Unless you are doing edge cases like
> > NATing to several virtual machines on the local box, in which case
> > you probably know enough about packet filtering to write your own
> > script
> It's hard to imagine a situation where NAT would be needed on
> a workstation. Nevertheless, NAT is a very effective form of
> firewalling on a gateway.
Correcting for my own failure of imagination:
A common case of workstation NAT is two or three workstations
on a home LAN, with one of them connected to the ISP.
ubuntu-users mailing list