| From | Sent On | Attachments |
|---|---|---|
| Clint Marek | May 16, 1996 8:02 pm | |
| Doug White | May 17, 1996 11:33 am | |
| Tony Kimball | May 17, 1996 2:11 pm | |
| Terry Lambert | May 17, 1996 2:23 pm | |
| Tony Kimball | May 17, 1996 6:04 pm | |
| Archie Cobbs | May 17, 1996 6:05 pm | |
| Terry Lambert | May 17, 1996 6:13 pm | |
| Tony Kimball | May 17, 1996 7:46 pm | |
| Terry Lambert | May 17, 1996 10:48 pm | |
| Archie Cobbs | May 18, 1996 1:23 am | |
| francis yeung | May 18, 1996 5:26 am | |
| Bruce A. Mah | May 18, 1996 8:43 am | |
| Eric J. Schwertfeger | May 18, 1996 11:06 am | |
| Stephen Hovey | May 18, 1996 11:59 am | |
| Archie Cobbs | May 18, 1996 1:05 pm | |
| Terry Lambert | May 18, 1996 3:15 pm | |
| Clint Marek | May 18, 1996 10:09 pm | |
| Michael Smith | May 18, 1996 10:36 pm | |
| Tony Kimball | May 19, 1996 12:50 am | |
| Carl Makin | May 19, 1996 5:01 am | |
| Pedro A M Vazquez | May 19, 1996 6:01 am | |
| Michael Smith | May 19, 1996 7:40 am | |
| Charlie ROOT | May 19, 1996 4:37 pm | |
| Michael Smith | May 19, 1996 7:07 pm | |
| Garrett Wollman | May 20, 1996 7:40 am | |
| Bruce A. Mah | May 20, 1996 8:37 am | |
| Tony Kimball | May 20, 1996 11:48 am | |
| Jim Dennis | May 20, 1996 12:47 pm | |
| Garrett Wollman | May 20, 1996 1:29 pm | |
| Tony Kimball | May 20, 1996 1:36 pm | |
| Terry Lambert | May 20, 1996 3:22 pm | |
| Terry Lambert | May 20, 1996 3:28 pm | |
| Terry Lambert | May 20, 1996 3:32 pm | |
| Gary Palmer | May 20, 1996 3:34 pm | |
| Archie Cobbs | May 20, 1996 3:42 pm | |
| Terry Lambert | May 20, 1996 3:45 pm | |
| Terry Lambert | May 20, 1996 3:56 pm | |
| Terry Lambert | May 20, 1996 4:15 pm | |
| Tony Kimball | May 20, 1996 4:54 pm | |
| Tony Kimball | May 20, 1996 5:09 pm | |
| Bruce A. Mah | May 20, 1996 5:10 pm | |
| Bruce A. Mah | May 20, 1996 5:23 pm | |
| Tony Kimball | May 20, 1996 5:25 pm | |
| Michael Smith | May 20, 1996 6:38 pm | |
| Terry Lambert | May 20, 1996 6:47 pm | |
| Jim Dennis | May 20, 1996 8:13 pm | |
| Tony Kimball | May 20, 1996 8:24 pm | |
| Jim Dennis | May 20, 1996 9:14 pm | |
| Terry Lambert | May 20, 1996 9:30 pm | |
| Terry Lambert | May 20, 1996 9:34 pm | |
| Tony Kimball | May 20, 1996 10:02 pm | |
| Bruce A. Mah | May 20, 1996 10:12 pm | |
| Bruce A. Mah | May 20, 1996 10:44 pm | |
| Tony Kimball | May 20, 1996 10:47 pm | |
| M.R.Murphy | May 21, 1996 5:59 am | |
| Carl Makin | May 21, 1996 6:46 am | |
| Terry Lambert | May 21, 1996 10:40 am | |
| Terry Lambert | May 21, 1996 10:45 am | |
| Scott Blachowicz | May 22, 1996 9:28 am | |
| Pedro A M Vazquez | May 22, 1996 11:13 am | |
| Bill Fenner | May 22, 1996 11:45 am | |

| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Bruce A. Mah (bm...@cs.berkeley.edu) | |
| Date: | May 20, 1996 5:10:23 pm | |
| List: | org.freebsd.freebsd-questions | |

"Gary Palmer" writes:
Tony Kimball wrote in message ID <1996...@compound.Think.COM>:
[snip]
1. It introduces hard state in the gateway machine. If the gateway goes down and comes back up, you lose all the connections through it. Note that some other approaches such as application-specific gateways have this problem too.
To my knowledge no solution is proposed which does not. I think that an RFC on the subject is needed, frankly, to update requirements in a manner which removes the need for gateway state. This point is an argument against solving the problem, not against solving it by masquerade.
No thank you. TCP is inherently non-stateless (heck, it has a state machine as part of its basic operation). Putting in non-stateless hacks will just really screw things up. Do you know why Sun's NFS is so poor performance-wise? One reason (among many) - the server cannot keep any state information about the clients...
I'm going to use "stateful" == "non-stateless", to eliminate a double negative. :-) Making gateways stateful goes against one of the basic design principles of the Internet, which calls for having as little "hard state" as possible. In other words, if you need to maintain state in your network, make sure your network won't break if it goes away. This has allowed the Internet routing infrastructure to be extremely adaptable to various failures (including downtime of gateways).
Putting all of this stuff in a gateway is going to be difficult to do cleanly, since you're subjected to the disadvantages of both "religions".
4. It's not a general purpose solution (e.g. ICMP doesn't work, UDP support is a hack). For example, how would I ping outside my local network to track down problems?
From the masquerade host. ICMP works fine, to the network interface of the *system*.
UDP is not a host requirement.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To Tony: Are you saying that just because FTP, telnet, and Web don't run over UDP it's not important? I respectfully disagree.
One reason for having masquerade is to allow you to offload shell processing load from the gateway. You are promptly putting that load back on. Garrett has his reasons for not liking masquerading, I have mine.
Hadn't thought about this...I guess if your machine is CPU-challenged this could be an issue.
Bruce.
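
Added illustration, not part of the original message or of any FreeBSD code: a toy port-translating (masquerade) table in Python showing the "hard state" from point 1, where a gateway restart leaves established flows without a mapping. The class name, addresses and ports are constructed for this example.

```python
# Added illustration: a toy masquerade (port translation) table.
# All names, addresses and ports here are constructed for the example.
from dataclasses import dataclass, field

PUBLIC_IP = "192.0.2.1"   # gateway's outside address (constructed)
FIRST_PORT = 61000        # first public port handed out (constructed)

@dataclass
class MasqGateway:
    next_port: int = FIRST_PORT
    out_map: dict = field(default_factory=dict)  # (proto, in_ip, in_port, dst) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port, dst) -> (in_ip, in_port)

    def outbound(self, proto, src_ip, src_port, dst):
        """Rewrite an inside packet's source; state is created on first use."""
        key = (proto, src_ip, src_port, dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port, dst)] = (src_ip, src_port)
            self.next_port += 1
        return (PUBLIC_IP, self.out_map[key])

    def inbound(self, proto, src, dst_port):
        """Map a reply back to the inside host; None means no state, so drop."""
        return self.in_map.get((proto, dst_port, src))

    def reboot(self):
        """The table lives only in gateway memory, so a restart empties it."""
        self.out_map.clear()
        self.in_map.clear()
        self.next_port = FIRST_PORT

def demo():
    gw = MasqGateway()
    server = ("198.51.100.7", 23)                       # constructed telnet server
    pub = gw.outbound("tcp", "10.0.0.5", 1025, server)  # inside host opens a connection
    before = gw.inbound("tcp", server, pub[1])          # reply reaches 10.0.0.5
    gw.reboot()
    after = gw.inbound("tcp", server, pub[1])           # same reply, mapping is gone
    # Another inside host now gets the recycled public port; in this toy table
    # the old flow's replies would map to the wrong machine.
    gw.outbound("tcp", "10.0.0.9", 2000, server)
    reused = gw.inbound("tcp", server, pub[1])
    return pub, before, after, reused

if __name__ == "__main__":
    print(demo())
```

A plain router forwards on the destination address alone, so the same restart costs it only the packets in flight; here the end hosts still hold a live TCP connection that the gateway can no longer translate.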





