Setup

IP masquerading is accomplished through the packet-filtering firewall capabilities of modern Linux kernels. When an outgoing network packet hits the firewall machine (the server with IP masquerading set up on it), the firewall rewrites elements of the packet so that it appears to originate from the firewall rather than from the machine behind it. The return packets are modified to go back to the machine that sent the original outgoing packets. To both ends of the transaction, nothing odd seems to be going on at all.

Some services, such as FTP, require special handling, hence the module to support FTP connection tracking. This is because an active FTP connection uses two separate ports: 21 for control and 20 for data transfer. ...
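The rewriting described above, and the reason a second FTP connection needs help, can be seen in a toy model. This is an added example, not code from the book or the kernel; the class, the `expect` step (a simplified stand-in for what a connection-tracking helper does), and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Masquerader:
    """Toy source-NAT table; not how the kernel stores its state."""
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.fwd = {}   # inside flow -> public port chosen for it
        self.back = {}  # (public port, remote ip, remote port) -> inside (ip, port)

    def _alloc(self):
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, p):
        """Rewrite the source so the packet appears to come from the firewall."""
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow not in self.fwd:
            self.fwd[flow] = self._alloc()
            self.back[(self.fwd[flow], p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=self.fwd[flow])

    def inbound(self, p):
        """Map a return packet back to the inside host, or None if untracked."""
        inside = self.back.get((p.dport, p.src, p.sport))
        return None if inside is None else replace(p, dst=inside[0], dport=inside[1])

    def expect(self, remote_ip, remote_port, inside_ip, inside_port):
        """Simplified helper step: pre-register a related inbound connection."""
        port = self._alloc()
        self.back[(port, remote_ip, remote_port)] = (inside_ip, inside_port)
        return port

def demo():
    fw = Masquerader("203.0.113.1")                  # constructed addresses
    client, server = "192.168.1.10", "198.51.100.5"
    ctl_out = fw.outbound(Packet(client, 40000, server, 21))   # FTP control
    ctl_back = fw.inbound(Packet(server, 21, ctl_out.src, ctl_out.sport))
    # Active-mode data arrives from server port 20 with no table entry: dropped.
    untracked = fw.inbound(Packet(server, 20, fw.public_ip, 40001))
    port = fw.expect(server, 20, client, 40001)      # what an FTP helper adds
    tracked = fw.inbound(Packet(server, 20, fw.public_ip, port))
    return ctl_out, ctl_back, untracked, tracked
```

The control connection is translated in both directions from the table alone, while the data connection from port 20 is only delivered once an entry for it has been registered in advance.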
