No. Masquerading just rewrites some addresses in the IP header,
but nothing is redirected. It's just then session that the client
requested, but partly with rewritten IP headers.
> for telnet, I can achieve the same results with masquerading.
Not if you want to do more authentication, for example. Think of
the telnet proxy server that comes with the TIS firewall toolkit.
> for httpd and ftp this would make sense, since their requests
> can be cached (allthough most http/ftp clients have proxy-support?)
Right. But this enables an ISP (for example) to _force_ the use
of proxies, because the use of proxy servers doesn't depend anymore
on the settings of the client programs.
> are there other possibilities for usage ?
Yes, many. Like running 2 different servers for the same protocol.
Dependent on the sender address, the input firewall rules can redirect
the incoming session to a certain port. For example: DNS request from
the outside world: use port 53, DNS request from internal hosts: use a
different server on port 5353.
-- -- Jos Vos <jos@xos.nl> -- X/OS Experts in Open Systems BV | Phone: +31 20 6938364 -- Amsterdam, The Netherlands | Fax: +31 20 6948204