[Ilugc] Building up a NAT Box

Girish Venkatachalam girishvenkatachalam at gmail.com
Tue Dec 2 10:54:27 IST 2008


On 18:11:37 Dec 01, Narendran wrote:
> Presently I have a need to build up a Linux NAT box, over which I would be
> able to run almost all common applications including FTP, peer-to-peer
> applications (voice and video chatting) etc. Now I do something like
> this: if a particular application is failing, I try to add the
> corresponding ip_nat modules. Say a SIP based application fails, I add
> nf_nat_sip and nf_conntrack_sip.
> What I want to know is: is there some systematic way of doing this which would
> comprehensively take care of all classes of applications?

Protocols like SIP, FTP, RTP and other broken protocols that negotiate
port numbers in the payload (this includes all of the RPC protocols
including NFS of course) need special handling in the firewall/NAT box.

I dunno a thing about Linux firewalling but it is really really messy...

-Girish
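
An added example, not part of the original post: a Python sketch of the special handling a NAT box needs for one such protocol, the FTP active-mode PORT command (RFC 959), where the address and port travel in the payload. The function names, the port allocator and all addresses are constructed for illustration; this is not netfilter code.

```python
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2" with port = p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return the (ip, port) embedded in a PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Serialise (ip, port) back into a PORT command."""
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

def nat_rewrite(line, src_ip, public_ip, alloc_port):
    """Handle one control-channel line seen from the inside host src_ip.

    Returns (new_line, expectation, length_delta):
      expectation  - ((public_ip, public_port), (private_ip, private_port)),
                     the inbound data connection the NAT box must now allow
      length_delta - change in payload size; TCP sequence/ack numbers must be
                     shifted by this amount for the rest of the connection
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None, 0
    priv_ip, priv_port = parsed
    # Only open a hole back to the host that sent the command; an address
    # in the payload that names some other machine is left untouched.
    if priv_ip != src_ip:
        return line, None, 0
    pub_port = alloc_port(priv_port)
    new_line = build_port(public_ip, pub_port)
    return new_line, ((public_ip, pub_port), (priv_ip, priv_port)), len(new_line) - len(line)

# Constructed sample: inside host 192.168.1.10 announces data port 50000
SAMPLE = b"PORT 192,168,1,10,195,80\r\n"

if __name__ == "__main__":
    print(nat_rewrite(SAMPLE, "192.168.1.10", "203.0.113.7", lambda p: 40000))
```

Every protocol of this kind needs its own parser and rewriter like the one above, which is why the helpers come as one module per protocol.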

