IP Masquerading with Linux

A few months ago, Chris concluded an article on building a Linux firewall with an allusion to Linux's ability to hide an entire network behind a single IP address—called IP masquerading. This month, he explains how to enable and configure IP masquerading, also known as Network Address Translation, for Linux.

IP masquerading is an interesting technology, but more importantly, it serves a very useful function for many Internet environments. It works well for common services such as telnet, http, and ftp, but it does not support everything. ICMP messages, talk, remote X applications, and rlogin do not work with masquerading. Fortunately, the software is still in its Alpha versions, and more development is being pursued.

Chris Kostick (ckostick@csc.com) is a Senior Computer Scientist at Computer Sciences Corporation's Network Security Department. He enjoys working with Linux but considers himself a latecomer because he started out at kernel version 1.1.18. As far as computers go, he's not sure if he has more fun debugging TCP/IP problems or shooting DOS machines