Subject: Re: Network proxies; NAT
To: Wayne Cuddy <wcuddy@crb-web.com>
From: Richard Rauch <rauch@rice.edu>
List: netbsd-help
Date: 12/05/2001 13:46:20
> Proxies usually require a separate process/application for each supported
> protocol which can require more setup. Also IP Filter based NATs are faster
> than using application level code as IP Filter resides in the kernel.

Well, speed isn't going to be a huge issue, here. But, I won't turn my
nose up at it, either. (^&

> > NAT? (Is there an overview of this somewhere---online, or in a book
> > somewhere---that I should go read?)
>
> See section 4 of http://www.obfuscation.org/ipf/ipf-howto.txt
> http://coombs.anu.edu.au/~avalon/ip-filter.html

s/txt/ps/

(I've long since developed the preference for offline reading. (^&)

Very helpful-looking.

> > I really only want a few services forwarded. In decreasing order of
> > importance: HTTP, FTP, ssh, and telnet. (I don't need to support inbound
> > connections for any of those at this point---though it might be nice at
> > some time to support inbound ssh connections.)
>
> NAT will nicely support all of these except FTP. I end up having to use FTP
> in passive mode but I think there are ways around this also. I know that
> Netscape defaults to passive mode anyway.

pkgsrc defaults to trying to use passive mode, doesn't it? pkgsrc is the
main reason that I care about FTP.

(Hm. I guess I should also add SETI@Home, which I may start running on my
Athlon again if it can run behind the NAT...)

Thanks a lot for the information.

``I probably don't know what I'm talking about.'' --rauch@math.rice.edu