Paul Vixie mumbled something vague about:
> >I've heard there are a couple of commercial network address translators
> >available for those of us who were foolish enough to build extensive
> >enterprise networks on non-NIC assigned addresses. Does anyone have any
> >real-world experience with such a product?
>
> At Usenix LISA a few weeks ago in Monterey, CA, the first booth inside the
> front door belonged to a company that sold NAT boxes. They appeared to be
> based on some BSD flavour, and they wanted to sell hardware rather than just
> a software solution. Now if I could only remember their company name. Ah,
> here it is in the vendor directory included with my conference materials:
> Border Network Technologies; Borderware Firewall Server; <carol @ border . com>.
Newer Linux kernels include IP masquerading functionality, which does
this sort of thing, in software. (For free, too, which is a nice
touch.)
The state-of-the-art (which may not be suitable for a production
environment; YMMV) includes code to parse FTP packets and alter the
PORT lines, and similar support for talk is pending.
More information is available at ftp://ftp.eves.com/pub/linux/masq (I
think).
Mike
(who also doesn't follow firewalls as closely as he should... please
cc: on response)
--
#> Mike Shaver (shaver @ ingenia . com) Ingenia Communications Corporation <#
#> UNIX medicine man -- dark magick, cheap! <#
#> <#
#> When the going gets tough, the tough give cryptic error messages. <#
#> "We believe in rough consensus and running code." <#