Skip to main content

What is IP Masquerade ???

IP Masquerade is a networking function in Linux similar to the one-to-many (1:Many) NAT (Network Address Translation) servers found in many commercial firewalls and network routers. For example, if a Linux host is connected to the Internet via PPP, Ethernet, etc., the IP Masquerade feature allows other "internal" computers connected to this Linux box (via PPP, Ethernet, etc.) to also reach the Internet as well. Linux IP Masquerading allows for this functionality even though these internal machines don't have an officially assigned IP address.

MASQ allows a set of machines to invisibly access the Internet via the MASQ gateway. To other machines on the Internet, the outgoing traffic will appear to be from the IP MASQ Linux server itself. In addition to the added functionality, IP Masquerade provides the foundation to create a HEAVILY secured networking environment. With a well built firewall, breaking the security of a well configured masquerading system and internal LAN should be considerably difficult to accomplish. 

source:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html
Labels:

Comments

Post a Comment

Popular posts from this blog

about gigabyte NIC onboard not detected on enterprise linux distribution

on several gigabyte motherboard, onboard network interface card  will not be detected on enterprise linux distribution (e.g. scientific linux, oracle linux server, etc). alternatively you must supply add-on card. or if you insist to use the onboard card, you must install the unofficial nic driver. this is tutorial how to install driver for onboard network interface card GIGABYTE first of all prepare your system. make sure it has package group "Development Tools" installed. if it has not, install it # yum groupinstall “Development Tools” download the source code : https://www.dropbox.com/s/na91bu4az4p9827/AR81Family-linux-v1.0.1.14.tar.gz extract the source code : # tar zxvf AR81Family-linux1.0.1.14.tar.gz the extraction process will make the new directory "AR81Family*", change to the directory # cd AR81Family* compile the source by type on terminal : # make then, # make install wait until the compiling process finish. next make the new scrip...
2 comments
Read more

about getsebool and setsebool

The setsebool is used to set SELinux boolean value i.e. various configurations can be enabled or disabled using this tool. In other words, the setsebool command switches on and off the protection of SELinux. Type getsebool -a to see all such options which can be enabled or disabled at run time: e.g. # getsebool -a The following should give you a complete listing of all the vsftpd switches: e.g.  # getsebool -a | grep ftp  For example, if httpd_disable_trans set to 1, it will disable SELinux protection for  Apache web server. To disable it, enter:  # setsebool -P httpd_can_network_connect=1 To enable it, enter:    # setsebool -P httpd_can_network_connect=0
3 comments
Read more

All certification

Post a Comment
Read more