61 messages in org.freebsd.freebsd-questionsRe: ip masquerading| From | Sent On | Attachments |
|---|---|---|
| Clint Marek | May 16, 1996 8:02 pm | |
| Doug White | May 17, 1996 11:33 am | |
| Tony Kimball | May 17, 1996 2:11 pm | |
| Terry Lambert | May 17, 1996 2:23 pm | |
| Tony Kimball | May 17, 1996 6:04 pm | |
| Archie Cobbs | May 17, 1996 6:05 pm | |
| Terry Lambert | May 17, 1996 6:13 pm | |
| Tony Kimball | May 17, 1996 7:46 pm | |
| Terry Lambert | May 17, 1996 10:48 pm | |
| Archie Cobbs | May 18, 1996 1:23 am | |
| francis yeung | May 18, 1996 5:26 am | |
| Bruce A. Mah | May 18, 1996 8:43 am | |
| Eric J. Schwertfeger | May 18, 1996 11:06 am | |
| Stephen Hovey | May 18, 1996 11:59 am | |
| Archie Cobbs | May 18, 1996 1:05 pm | |
| Terry Lambert | May 18, 1996 3:15 pm | |
| Clint Marek | May 18, 1996 10:09 pm | |
| Michael Smith | May 18, 1996 10:36 pm | |
| Tony Kimball | May 19, 1996 12:50 am | |
| Carl Makin | May 19, 1996 5:01 am | |
| Pedro A M Vazquez | May 19, 1996 6:01 am | |
| Michael Smith | May 19, 1996 7:40 am | |
| Charlie ROOT | May 19, 1996 4:37 pm | |
| Michael Smith | May 19, 1996 7:07 pm | |
| Garrett Wollman | May 20, 1996 7:40 am | |
| Bruce A. Mah | May 20, 1996 8:37 am | |
| Tony Kimball | May 20, 1996 11:48 am | |
| Jim Dennis | May 20, 1996 12:47 pm | |
| Garrett Wollman | May 20, 1996 1:29 pm | |
| Tony Kimball | May 20, 1996 1:36 pm | |
| Terry Lambert | May 20, 1996 3:22 pm | |
| Terry Lambert | May 20, 1996 3:28 pm | |
| Terry Lambert | May 20, 1996 3:32 pm | |
| Gary Palmer | May 20, 1996 3:34 pm | |
| Archie Cobbs | May 20, 1996 3:42 pm | |
| Terry Lambert | May 20, 1996 3:45 pm | |
| Terry Lambert | May 20, 1996 3:56 pm | |
| Terry Lambert | May 20, 1996 4:15 pm | |
| Tony Kimball | May 20, 1996 4:54 pm | |
| Tony Kimball | May 20, 1996 5:09 pm | |
| Bruce A. Mah | May 20, 1996 5:10 pm | |
| Bruce A. Mah | May 20, 1996 5:23 pm | |
| Tony Kimball | May 20, 1996 5:25 pm | |
| Michael Smith | May 20, 1996 6:38 pm | |
| Terry Lambert | May 20, 1996 6:47 pm | |
| Jim Dennis | May 20, 1996 8:13 pm | |
| Tony Kimball | May 20, 1996 8:24 pm | |
| Jim Dennis | May 20, 1996 9:14 pm | |
| Terry Lambert | May 20, 1996 9:30 pm | |
| Terry Lambert | May 20, 1996 9:34 pm | |
| Tony Kimball | May 20, 1996 10:02 pm | |
| Bruce A. Mah | May 20, 1996 10:12 pm | |
| Bruce A. Mah | May 20, 1996 10:44 pm | |
| Tony Kimball | May 20, 1996 10:47 pm | |
| M.R.Murphy | May 21, 1996 5:59 am | |
| Carl Makin | May 21, 1996 6:46 am | |
| Terry Lambert | May 21, 1996 10:40 am | |
| Terry Lambert | May 21, 1996 10:45 am | |
| Scott Blachowicz | May 22, 1996 9:28 am | |
| Pedro A M Vazquez | May 22, 1996 11:13 am | |
| Bill Fenner | May 22, 1996 11:45 am |
| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Tony Kimball (al...@Think.COM) | |
| Date: | May 20, 1996 8:24:08 pm | |
| List: | org.freebsd.freebsd-questions | |
From: Terry Lambert <ter...@lambert.org> Date: Mon, 20 May 1996 18:48:15 -0700 (MST)
> Couldn't state be inferred from the retry packets?
I reboot. A packet comes in on port 3096:
1) Is it for me? If so, I've been dead.
2) Is it for the local net? Which host?
3) Is it an FTP data packet? Some other packet? What packet rewriting rules should I apply to it based on these assumptions?
Host, protocol could be encoded in the port number.
> It would be nice to pull out the rewriting stuff into loadable > rule sets.
It would be nicer to not need them.
Not an option, though, is it?
> Socks really wants two additional tunnel-to-socks and socks-to-tunnel > daemons written; using two private nets, this would let you run a > private net of socks-unaware hosts that get their packets proxied > by setting up a default route, a private net route to one tunnel on > one private net, and a default route to the other tunnel on the > private net with the dumb hosts. Effectively, a gateway LLB in user > space. > > I'm trying to picture this, but ...
[admirable ASCII art omitted]
You did take me literally:-) I don't have a problem with the physical picture.
client default route: server on local net server default route: modem internal local net route: depends on packet destination (internal local net == net which only exists as a tunnel)
client packet -> local net local net -> server server local packet -> gateway gateway -> tunnel device internal local net internal local net -> socks client (on server) socks client (on server) -> socks server (on server) socks server (on server) -> socks proxy socket on default route
A bit redundant and baroque, but if the components are coming off-the-shelf, it might be an economical implementation... I think I understand the scheme now, and the tunnel device and the general-purpose socks client seem to be the unimplemented components, yes?
In other words, to put them on the internet (by proxy). 8-).
It appears that way to the client, but in a correct masq implementation, they are not visible Internet objects. Only the gateway *exists*, and it incorporates the behaviour of the clients by aggregation in its life as an Internet host.
Hmm... it would seem worthwhile to find out *how* Linux does MTU discovery through a masquerade, or perhaps more appositely, *in*what*sense* it does so.