[plug] IP Chains

Bret Busby bret at clearsol.iinet.net.au
Thu Dec 23 09:59:12 WST 1999


Michael Hunt wrote:
> 
> > Michael Hunt wrote:
> > >
> > <snip>
> > > Mikes Quick and dirty quide to IP masquerading
> > >
> > > 1. Turn on IP forwarding. You can do this through most distro's control
> > > panel app (at least under RedHat) or by echo an 1 to the
> > relevant proc file
> > > (the name surpasses me at the moment).
> >
> > <snip>
> >
> > What is IP forwarding?
> 
> Ip frowarding basically means routing. Look at it this way
> 
> My Machine 192.168.1.11 (workstation) sends a packet to the internet.
> According to the routing tables on my machine this goes to the default
> gateway (192.168.1.254 eth0:0). My linux box has ip masq, ip forwarding and
> ip chains installed so what happens next is this:
> 
> Routing table is looked up on Linux box and it sees that the default gateway
> is my ppp adapter. Because my box has the above on it forwards the packet on
> to the internet (masking it as a routable IP address using the IP off my ppp
> adapter). It also filters any outgoing and incoming packets to see if they
> might my ip chain rules.
> 
> Michael Hunt

My understanding (which may be totally wrong), is that ipchains involves IP
masquerading, and takes care of the firewalling security stuff.

I do not understand why a firewall on a mchine that connects to an ISP using
dialup, needs a routing application such as ip forwarding.

Christian said in his response, that IP forwarding is forwarding of IP packets;
but I understood that was what the machine did, anyway, if it used TCP/IP for
communication.

I realise that I probably appear to have no understanding whatsoever, or that
what I understand is incorrect, but, could someone please explain the role of
each?

-- 

Bret Busby

Phone/Fax:    +61 8 9399 3820 ( 08 9399 3820 within Australia)

........................................


More information about the plug mailing list