| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Tony Kimball (al...@Think.COM) | |
| Date: | May 20, 1996 5:09:42 pm | |
| List: | org.freebsd.freebsd-questions | |
From: Terry Lambert <ter...@lambert.org>
Date: Mon, 20 May 1996 15:45:51 -0700 (MST)

> This is one of the *big* problems I see. The recovery mechanism to get around this requires an intelligent client (ie: not Windows 95) and the ability to recover state (ie: the client knows the state, too (ie: not Linux-style "masquerading")).

Couldn't state be inferred from the retry packets?

> The packet rewriting is a bit annoying; on the other hand, there are a finite number of protocols that really need to be supported this way, so it's bad, but it's not as bad as it could be.

It would be nice to pull out the rewriting stuff into loadable rule sets.

> Socks really wants two additional tunnel-to-socks and socks-to-tunnel daemons written; using two private nets, this would let you run a private net of socks-unaware hosts that get their packets proxied by setting up a default route, a private net route to one tunnel on one private net, and a default route to the other tunnel on the private net with the dumb hosts. Effectively, a gateway LLB in user space.

I'm trying to picture this, but I'm crippled by lack of understanding of the tunnel device. There is a box, G. It has a network interface, I(G), on the Internet. It has a network interface, P(G), on a private net. Hosts on network P route through P(G) to get out through I(G). G is implementing masquerade, then. I don't understand what you are saying about the structure of the implementation.

> > 4. It's not a general purpose solution (e.g. ICMP doesn't work...
>
> This is the second of the *big* problems.

I don't understand why it is a big problem. It is a big problem if you are trying to put the private machines on the Internet, but I don't see that as being the goal. The goal is to get TCP applications (and secondarily UDP applications) to run transparently from a private network home through an Internet gateway. If the gateway violates host requirements, *that* is a problem.





