Subject: Re: Network proxies; NAT
To: Richard Rauch <rauch@rice.edu>
From: Wayne Cuddy <wcuddy@crb-web.com>
List: netbsd-help
Date: 12/05/2001 10:04:29

On Wed, Dec 05, 2001 at 05:35:25AM -0600, Richard Rauch wrote:
> Is NAT a general, umbrella mechanism that tries to do everything
> (necessarily failing when it doesn't understand the protocol it's
> forwarding and the protocol carries IP addresses as data)?
Yes.
Proxies usually require a separate process/application for each supported
protocol, which can require more setup. Also, IP Filter based NATs are faster
than using application level code, as IP Filter resides in the kernel.
> Or is it a
> general concept, encompassing such things as http proxies? If the former,
> what are people's recommendations on setting up proxies vs. setting up
> NAT? (Is there an overview of this somewhere---online, or in a book
> somewhere---that I should go read?)
See section 4 of http://www.obfuscation.org/ipf/ipf-howto.txt
http://coombs.anu.edu.au/~avalon/ip-filter.html
>
> I really only want a few services forwarded. In decreasing order of
> importance: HTTP, FTP, ssh, and telnet. (I don't need to support inbound
> connections for any of those at this point---though it might be nice at
> some time to support inbound ssh connections.)
NAT will nicely support all of these except FTP. I end up having to use FTP
in passive mode, but I think there are ways around this also. I know that
Netscape defaults to passive mode anyway.
>
>
> ``I probably don't know what I'm talking about.'' --rauch@math.rice.edu
>
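
The FTP case discussed in this message, as an added example that is not part of the original email: an active-mode `PORT` command carries the client's IP address and port as data, so a NAT that rewrites only packet headers forwards an address the server cannot reach, while a protocol-aware NAT rewrites the payload too. The addresses, ports and function names below are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (address and port as decimal bytes).
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (ip, port) carried as data in a PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build a PORT command line for the given address and port."""
    return "PORT %s,%d,%d\r\n" % (str(ip).replace(".", ","), port >> 8, port & 0xFF)

def nat_control_line(line, public_ip, mapped_port, protocol_aware):
    """Return the control-channel line as the server sees it behind the NAT.

    A header-only NAT leaves the payload untouched. A protocol-aware NAT
    replaces the embedded address/port with its public mapping (a real one
    must also fix TCP sequence numbers when the line length changes).
    """
    if not protocol_aware or parse_port(line) is None:
        return line
    return format_port(ipaddress.IPv4Address(public_ip), mapped_port)

def server_can_connect_back(line):
    """Active mode works only if the advertised address is not RFC 1918."""
    parsed = parse_port(line)
    return parsed is not None and not any(parsed[0] in n for n in RFC1918)

if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10 listening on port 1234.
    sent = "PORT 192,168,1,10,4,210\r\n"
    for aware in (False, True):
        seen = nat_control_line(sent, "203.0.113.5", 40000, aware)
        print(aware, repr(seen), server_can_connect_back(seen))
```

In passive mode the client opens the data connection itself, so no inside address crosses the NAT as data and header rewriting alone is enough.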