Overview of Firewalls and Masquerading
A firewall computer is a secure system that sits between an internal network and an external network (i.e., the Internet). It is configured with a set of rules that it uses to determine what traffic is allowed to pass and what traffic is barred. While a firewall is generally intended to protect the network from malicious or even accidentally harmful traffic from the outside, it can also be configured to monitor traffic leaving the network. As the sole entry point into the system, the firewall makes it easier to construct defenses and monitor activity.
The firewall can also be set up to present a single IP address to the outside world, even though it may use multiple IP addresses internally. This is known as masquerading. Masquerading can act as additional protection hiding the very existence of a network. It also saves the trouble and expense of obtaining multiple IP addresses.
Note
The discussion of iptables applies to Version 2.4 Linux kernels. As this book was being written, both iptables and the 2.4 kernel were still in development. The final product may differ slightly from what we describe here. See the O’Reilly book Linux Network Administrator’s Guide by Olaf Kirch and Terry Dawson or the the “Linux IPTABLES-HOWTO” for more information. This HOWTO, and a myriad of others, can be obtained from the the Linux Documentation Project web sites (see the preface).
IP firewalling and masquerading are implemented in Linux Version 2.2 with ...
Get Linux in a Nutshell, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.