Linux Today: Linux News On Internet Time.

TechRepublic: IP Masquerading's your friend, but don't trust it alone

Sep 22, 1999, 16:51 (6 Talkback[s])
(Other stories by Jack Wallen)

"A Linux host with IP Masquerade enabled can provide computers connecting to it with Internet access, even though those clients may have no dedicated IP addresses.

IP Masquerading also offers the opportunity, when combined with a firewall, to better protect critical files and data. Breaking the security of a well-set-up Masquerading system should be considerably more difficult than breaking a good packet filter-based firewall.

Masquerading allows for the average user to benefit from Linux's scalability and security and can be set up simply and rather quickly by enabling ipforwarding in your kernel and IPV4, setting up basic "firewall" rules, and configuring the gateways of all client machines. It only takes a little tinkering with a few scripts to get your small network up and running online with only a single IP address."

"With IP Masquerading, security is a concern. Make sure to carefully examine the security of your system, or you stand the chance of having your entire network cracked open by some fly-by hacker. How can this be prevented? In a word, FIREWALLS! For an in-depth look at Linux security, take a trip over to HowTo."

Complete Story

Related Stories: