[Discuss] firewalld rant
Dan Ritter
dsr at randomstring.org
Mon Nov 23 11:00:55 EST 2020
Dale R. Worley wrote:
> > From: Dan Ritter <dsr at randomstring.org>
> >
> > Dale R. Worley wrote:
> >> As in the above example, when you set masquerading on interface X,
> >> *which* packets coming from *which* interfaces are masqueraded *how*
> >> going out *which* interface?
> >
> > This is consistent on all NAT systems: masquerading refers to changing
> > the source address for forwarding packets exiting a system for their
> > next destination. It applies on an outgoing interface, and
> > without further elaboration, to all matching packets going out
> > from that interface.
>
> That's good to know, but where is that written down?
RFC: https://tools.ietf.org/html/rfc3022
Linux: https://lartc.org/howto
OpenBSD: https://www.openbsd.org/faq/pf/nat.html
Cisco: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html
I admit JunOS is weird because it likes to use "zones" instead
of interfaces, but if you only have one interface per zone, it's
the same thing again.
-dsr-
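
The rule described in the message above (masquerading is keyed on the outgoing interface and applies to every forwarded packet leaving by it, whichever interface it arrived on), as an added example that is not part of the original post. It is a simplified model, not firewalld or kernel code: the interface names, addresses and port numbering are constructed, and a new source port is always allocated per flow.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed topology: two inside interfaces and one outside interface.
IFACE_ADDR = {"lan0": "192.168.1.1", "lan1": "10.0.0.1", "wan0": "203.0.113.5"}

class Router:
    def __init__(self, masquerade_on):
        self.masq = set(masquerade_on)  # interfaces with masquerading enabled
        self.flows = {}                 # original flow tuple -> (public ip, public port)
        self.conntrack = {}             # reply tuple -> (original src, original sport)
        self.next_port = 40000          # assumption: simple sequential allocation

    def forward(self, pkt, in_if, out_if):
        """Forward pkt from in_if to out_if.

        in_if is deliberately never consulted: only the outgoing
        interface decides whether the source address is rewritten.
        """
        if out_if not in self.masq:
            return pkt                  # leaves with its original source
        flow = (pkt, out_if)
        if flow not in self.flows:      # first packet of a flow creates state
            self.flows[flow] = (IFACE_ADDR[out_if], self.next_port)
            self.next_port += 1
            pub_ip, pub_port = self.flows[flow]
            self.conntrack[(pkt.dst, pkt.dport, pub_ip, pub_port)] = (pkt.src, pkt.sport)
        pub_ip, pub_port = self.flows[flow]
        return replace(pkt, src=pub_ip, sport=pub_port)

    def reply(self, pkt):
        """Reverse the translation for a reply; None if no state matches."""
        state = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if state is None:
            return None                 # unsolicited inbound: nothing to translate
        return replace(pkt, dst=state[0], dport=state[1])
```

With masquerading set on wan0 only, traffic from lan0 and from lan1 both leave wan0 with wan0's address, while lan0 to lan1 traffic keeps its original source.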