Advice sought on machine web-server safe

Timothy Murphy tim at birdsnest.maths.tcd.ie
Fri Nov 18 02:48:56 UTC 2005


STYMA, ROBERT E (ROBERT) wrote:

>> I assume I am using NAT,
>> since I have a number of other computers (Linux and Windows)
>> attached to the above machine,
>> and they access the outside world through email and the web.
>> 
>    To see if you have NAT, look at your ip address
> "ifconfig -a" on linux and "ipconfig" on windows.
> If you are using nat, you will probably see an
> ip address starting with 10.something or
> 192.168.something.

I take it this shows I am running NAT?
--------------------------------------------
[root@alfred ~]# iptables -L -t nat
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ppp0_masq  all  --  anywhere             anywhere

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain ppp0_masq (1 references)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.3.0/24       anywhere
MASQUERADE  all  --  169.254.0.0/16       anywhere
--------------------------------------------

As a matter of interest, is it possible
to run a home network _without_ NAT?

>   If you would like a simple way out, you can consider
> getting an inexpensive DSL/Cable router.

Several people have suggested this,
but I'm not sure why it is thought better than iptables on a computer.
It seems to me that a router is a black box,
and you're basically trusting software you know nothing about
to only allow certain packets through.
Isn't that slightly against the Linux philosophy?

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
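
Added example (not part of the original post): a Python check that answers the "am I running NAT?" question from an `iptables -L -t nat` listing by following jumps out of POSTROUTING and collecting MASQUERADE/SNAT rules. The function names are this example's own, and SAMPLE is an excerpt of the listing shown in the post.

```python
import ipaddress
import re

# Excerpt of the `iptables -L -t nat` listing from the post above.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ppp0_masq  all  --  anywhere             anywhere

Chain ppp0_masq (1 references)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       anywhere
MASQUERADE  all  --  192.168.3.0/24       anywhere
MASQUERADE  all  --  169.254.0.0/16       anywhere
"""

def parse_chains(listing):
    """Return {chain: [(target, source), ...]}; rows are target prot opt source dest."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        if current is not None and len(fields) >= 5 and fields[0] != "target":
            current.append((fields[0], fields[3]))
    return chains

def natted_sources(listing, start="POSTROUTING"):
    """Follow jumps from POSTROUTING and collect sources rewritten by NAT."""
    chains, found, todo = parse_chains(listing), [], [start]
    while todo:
        # pop() removes the chain, so a jump loop cannot revisit it
        for target, source in chains.pop(todo.pop(), []):
            if target in ("MASQUERADE", "SNAT"):
                found.append(source)
            elif target in chains:
                todo.append(target)
    return found

def classify(source):
    """Label a rule's source network as any, link-local, private or public."""
    if source in ("anywhere", "0.0.0.0/0"):
        return "any"
    net = ipaddress.ip_network(source, strict=False)
    if net.is_link_local:
        return "link-local"
    return "private" if net.is_private else "public"
```

Run `iptables -L -t nat -n` to get numeric sources; a source printed as a resolved hostname would make `classify` raise `ValueError`.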



