TechRepublic: IP Masquerading’s your friend, but don’t trust it alone

“A Linux host with IP Masquerade enabled can provide computers
connecting to it with Internet access, even though those clients
may have no dedicated IP addresses.

IP Masquerading also offers the opportunity, when combined with
a firewall, to better protect critical files and data. Breaking the
security of a well-set-up Masquerading system should be
considerably more difficult than breaking a good packet
filter-based firewall.

Masquerading allows for the average user to benefit from Linux’s
scalability and security and can be set up simply and rather
quickly by enabling ipforwarding in your kernel and IPV4, setting
up basic “firewall” rules, and configuring the gateways of all
client machines. It only takes a little tinkering with a few
scripts to get your small network up and running online with only a
single IP address.”

“With IP Masquerading, security is a concern. Make sure to
carefully examine the security of your system, or you stand the
chance of having your entire network cracked open by some fly-by
hacker. How can this be prevented? In a word, FIREWALLS! For an
in-depth look at Linux security, take a trip over to HowTo.”

Complete Story