BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] firewalld rant

Subject: [Discuss] firewalld rant
From: dsr at randomstring.org (Dan Ritter)
Date: Mon, 23 Nov 2020 11:00:55 -0500
In-reply-to: <87o8jocch2.fsf@hobgoblin.ariadne.com>
References: <mailman.1.1604941204.13525.discuss@lists.blu.org> <87o8jocch2.fsf@hobgoblin.ariadne.com>

Dale R. Worley wrote: 
> > From: Dan Ritter <dsr at randomstring.org>
> >
> > Dale R. Worley wrote: 
> >> As in the above example, when you set masquerading on interface X,
> >> *which* packets coming from *which* interfaces are masqueraded *how*
> >> going out *which* interface?
> >
> > This is consistent on all NAT systems: masquerading refers to changing
> > the source address for forwarding packets exiting a system for their
> > next destination. It applies on an outgoing interface, and
> > without further elaboration, to all matching packets going out
> > from that interface.
> 
> That's good to know, but where is that written down?

RFC: https://tools.ietf.org/html/rfc3022 

Linux: https://lartc.org/howto 

OpenBSD: https://www.openbsd.org/faq/pf/nat.html

cisco: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

I admit JunOS is weird because it likes to use "zones" instead
of interfaces, but if you only have one interface per zone, it's
the same thing again.

-dsr-

References:
- [Discuss] firewalld rant
  - From: worley at alum.mit.edu (Dale R. Worley)

Prev by Date: [Discuss] firewalld rant
Next by Date: [Discuss] HPLIP in a VirtualBox
Previous by thread: [Discuss] firewalld rant
Next by thread: [Discuss] Free Full Height Server Rack
Index(es):
- Date
- Thread