61 messages in org.freebsd.freebsd-questionsRe: ip masquerading| From | Sent On | Attachments |
|---|---|---|
| Clint Marek | May 16, 1996 8:02 pm | |
| Doug White | May 17, 1996 11:33 am | |
| Tony Kimball | May 17, 1996 2:11 pm | |
| Terry Lambert | May 17, 1996 2:23 pm | |
| Tony Kimball | May 17, 1996 6:04 pm | |
| Archie Cobbs | May 17, 1996 6:05 pm | |
| Terry Lambert | May 17, 1996 6:13 pm | |
| Tony Kimball | May 17, 1996 7:46 pm | |
| Terry Lambert | May 17, 1996 10:48 pm | |
| Archie Cobbs | May 18, 1996 1:23 am | |
| francis yeung | May 18, 1996 5:26 am | |
| Bruce A. Mah | May 18, 1996 8:43 am | |
| Eric J. Schwertfeger | May 18, 1996 11:06 am | |
| Stephen Hovey | May 18, 1996 11:59 am | |
| Archie Cobbs | May 18, 1996 1:05 pm | |
| Terry Lambert | May 18, 1996 3:15 pm | |
| Clint Marek | May 18, 1996 10:09 pm | |
| Michael Smith | May 18, 1996 10:36 pm | |
| Tony Kimball | May 19, 1996 12:50 am | |
| Carl Makin | May 19, 1996 5:01 am | |
| Pedro A M Vazquez | May 19, 1996 6:01 am | |
| Michael Smith | May 19, 1996 7:40 am | |
| Charlie ROOT | May 19, 1996 4:37 pm | |
| Michael Smith | May 19, 1996 7:07 pm | |
| Garrett Wollman | May 20, 1996 7:40 am | |
| Bruce A. Mah | May 20, 1996 8:37 am | |
| Tony Kimball | May 20, 1996 11:48 am | |
| Jim Dennis | May 20, 1996 12:47 pm | |
| Garrett Wollman | May 20, 1996 1:29 pm | |
| Tony Kimball | May 20, 1996 1:36 pm | |
| Terry Lambert | May 20, 1996 3:22 pm | |
| Terry Lambert | May 20, 1996 3:28 pm | |
| Terry Lambert | May 20, 1996 3:32 pm | |
| Gary Palmer | May 20, 1996 3:34 pm | |
| Archie Cobbs | May 20, 1996 3:42 pm | |
| Terry Lambert | May 20, 1996 3:45 pm | |
| Terry Lambert | May 20, 1996 3:56 pm | |
| Terry Lambert | May 20, 1996 4:15 pm | |
| Tony Kimball | May 20, 1996 4:54 pm | |
| Tony Kimball | May 20, 1996 5:09 pm | |
| Bruce A. Mah | May 20, 1996 5:10 pm | |
| Bruce A. Mah | May 20, 1996 5:23 pm | |
| Tony Kimball | May 20, 1996 5:25 pm | |
| Michael Smith | May 20, 1996 6:38 pm | |
| Terry Lambert | May 20, 1996 6:47 pm | |
| Jim Dennis | May 20, 1996 8:13 pm | |
| Tony Kimball | May 20, 1996 8:24 pm | |
| Jim Dennis | May 20, 1996 9:14 pm | |
| Terry Lambert | May 20, 1996 9:30 pm | |
| Terry Lambert | May 20, 1996 9:34 pm | |
| Tony Kimball | May 20, 1996 10:02 pm | |
| Bruce A. Mah | May 20, 1996 10:12 pm | |
| Bruce A. Mah | May 20, 1996 10:44 pm | |
| Tony Kimball | May 20, 1996 10:47 pm | |
| M.R.Murphy | May 21, 1996 5:59 am | |
| Carl Makin | May 21, 1996 6:46 am | |
| Terry Lambert | May 21, 1996 10:40 am | |
| Terry Lambert | May 21, 1996 10:45 am | |
| Scott Blachowicz | May 22, 1996 9:28 am | |
| Pedro A M Vazquez | May 22, 1996 11:13 am | |
| Bill Fenner | May 22, 1996 11:45 am |
| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Terry Lambert (ter...@lambert.org) | |
| Date: | May 17, 1996 6:13:19 pm | |
| List: | org.freebsd.freebsd-questions | |
Which is to say, everyone who understands the problem.
Hmmm... guess I don't understand the problem. :-)
Just to make sure we're talking about the same thing, ``masquerading'' means using remapped TCP and UDP port numbers to facilitate internal hosts connecting to external servers, even though you only have one machine really talking to the Internet. You give all of the outgoing packets the same IP address but remap their source ports so when traffic comes back you know who it is really destined for, do the reverse mapping, etc..
Which is to say, you turn on IP forwarding by default (which is illegal) and rewrite the packet source headers on the way in and out (which is also illegal).
Now, as far as the rest of the Internet is concerned, it just looks like your one IP address happens to be generating a lot of traffic, no?
Prove it. Run traceroute through a masquerading host.
At least under the (not always valid) assumption that you don't run out of ports in your remapping range. What standards in particular are you referring to?
1) Gateway 2) Routing
Garrett explained this all before.
Of course, some protocols (which embed address information in the packets, like FTP) will not work through this kind of hackery without even more hackery, but at least it provides a capability to certain folks who didn't have it before. Seems like it would be one's own business whether they did masquerading or not.
Writing a socks client that hooks to a tunnel driver on the machine that needs the masquerading is a better solution, and it doesn't require kernel hacks to get there (or source hacks for statically linked binaries, like normal socks does). And it does it without violating the world.
I guess you would need to write a tunnel client daemon (instead of putting in about twice as much work to write IP masquerading, as well as dragging the poor kernel into the mess).
Seems like that would provide the same capability for less effort with fewer drabacks -- but would require an OS (like FreeBSD) with tunnel drivers to make it work.
Terry Lambert ter...@lambert.org
--- Any opinions in this posting are my own and not those of my present or previous employers.