[PLUG] Masquerading question...

Michael C. Robinson michael at goose.robinson-west.com
Sun Sep 7 18:07:01 UTC 2003


If I want to disable a host's Internet access when it may be 
receiving data from a masquerading server, will the masq 
server terminate connections with Internet hosts because it 
can't send data to the local host anymore or does the local 
host have to terminate those connections?  I would think 
since the masq box pretends to be the local host that it 
should simulate being down when the local host is down and 
terminate any data stream destined to that host.

Out of curiosity, is there a port of iptables for Windows 98 
Second Edition?  I want to use it to set up rules that drop 
all packets outbound to the Internet and inbound from it on 
individual workstations at will.  

Ultimately, I guess the simple masquerade for any local address 
rule has to be replaced with something more complex like a 
user-defined chain for each host that the appropriate masquerading 
rule can be put into and flushed out of at will.  There are hosts 
that should be allowed to traverse the local network but prevented
from getting past the gateway and receiving data from the 
Net when a user wants or needs this.  This is something where
a utility would be well placed on my private internal web 
server, perhaps a CGI script.  The alternative to CGI is
an X terminal based utility.  This has the advantage that
people have to authenticate by logging in on a local Linux 
server before they can change their Internet access setting.

     --  Michael
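
An added example, not part of the original message: a gateway-side shell sketch of the per-host chain idea that a CGI or login-gated utility could call. It places the per-host chains in the filter table's FORWARD path rather than around the MASQUERADE rule, because nat rules are consulted only for the first packet of a connection, so removing a masquerading rule leaves already-tracked connections running. The LAN prefix, interface name and chain names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values: LAN 192.168.1.0/24, WAN interface eth0,
# hypothetical chain names host_<addr>. IPT defaults to a dry run that only
# prints the commands; set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_PREFIX="${LAN_PREFIX:-192.168.1}"

# Accept only a dotted-quad address inside the assumed LAN, so a value taken
# from a CGI form can never smuggle options or shell metacharacters through.
valid_host() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] && [ "$1.$2.$3" = "$LAN_PREFIX" ] || return 1
    case "$4" in ''|0*|????*) return 1 ;; esac
    [ "$4" -le 254 ]
}

chain_for() { echo "host_$(echo "$1" | tr . _)"; }

# Once per host: create its chain and send both directions of its WAN
# traffic through it, ahead of any existing FORWARD rules.
host_setup() {
    valid_host "$1" || return 1
    c=$(chain_for "$1")
    $IPT -N "$c"
    $IPT -I FORWARD 1 -s "$1" -o "$WAN_IF" -j "$c"
    $IPT -I FORWARD 1 -d "$1" -i "$WAN_IF" -j "$c"
}

# Block: the chain drops everything, including packets of established flows.
host_block() {
    valid_host "$1" || return 1
    c=$(chain_for "$1")
    $IPT -F "$c"
    $IPT -A "$c" -j DROP
}

# Unblock: an empty chain falls through to the rest of FORWARD.
host_unblock() {
    valid_host "$1" || return 1
    $IPT -F "$(chain_for "$1")"
}

# Usage: toggle.sh setup|block|unblock <address>
case "${1:-}" in setup|block|unblock) "host_$1" "${2:-}" ;; esac
```

The general masquerading rule for the LAN stays in place; only the contents of each host's filter chain change when access is toggled.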



