Chris Pressley writes:
> NAT is a small part of my overall security plan. I'm looking for the
> best way to implement NAT, primarily from a cost and performance
> standpoint. Currently, I know of three ways to do NAT:
> 1) Install and configure a firewall
> 2) Dedicate a host, using software such as IPRoute
> (http://www.mischler.com/iproute/)
> 3) Configure a router (e.g. Cisco with IOS 11.2 and "IP Options")
>
> I'm looking for feedback on the following:
> 1) What is my best dollar/cost solution?
> 2) Are there other ways to implement NAT that I'm not aware of?

I'm not going to attempt to answer the larger question, but you might
also take a look at IP filter. It provides packet filtering, NAT
functionality, and support for transparent proxies. It can also keep
some connection state information.

http://coombs.anu.edu.au/~avalon/ip-filter.html

N.B. Although I like the feature set of this package, it is very much
still a work in progress. If you aren't comfortable hacking a little
C or generally playing around with your kernel, you should probably
stay away from this.