| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Bruce A. Mah (bm...@cs.berkeley.edu) | |
| Date: | May 18, 1996 8:43:14 am | |
| List: | org.freebsd.freebsd-questions | |
Tony Kimball writes:
From: Terry Lambert <ter...@lambert.org>
Date: Fri, 17 May 1996 18:13:39 -0700 (MST)
Subject: Re: ip masquerading

> You give all of the outgoing
> packets the same IP address but remap their source ports so when
> traffic comes back you know who it is really destined for, do the
> reverse mapping, etc..
Which is to say, you turn on IP forwarding by default (which is illegal) and rewrite the packet source headers on the way in and out (which is also illegal).
If anyone knows how these actions are in violation of a requirement, I'd surely appreciate a pointer to the pertinent rfc. They are part of the implementation of the IP stack on the host, which in this case is the *system* incorporating the masquerading server and client. Internet requirements documents do not specify implementation, merely interface.
You're not alone...I'm trying to figure this out too. I've been looking through RFC 1122 (Host Requirements - Communications Layers) and RFC 1812 (Requirements for IP Version 4 Routers). I think these are probably the right places to find info related to this topic, but so far I haven't found it.
All I've been able to confirm so far is that turning on IP forwarding by default *is* illegal, by section 3.1 of RFC 1122. It's not clear to me that IP masquerading violates this requirement.
> At least under the (not always valid) assumption that you don't run
> out of ports in your remapping range. What standards in particular are
> you referring to?

1) Gateway
2) Routing
Garrett explained this all before.
I haven't been able to find anything in the archives. If you have it cached anywhere or can suggest a more apposite keyword, I would appreciate it.
A search for "masquerading and garrett" across all the FreeBSD archives uncovered one previous discussion on this topic, but no reference to an RFC. Ditto for "masquerading and rfc".
I can understand people's opposition to IP masquerading. Indeed, I share a lot of these opinions...I suppose above everything else, this idea just plain feels wrong! I'd really like to have something concrete to go on though, but citing "All the routing RFCs" and "Garrett explained this all before" isn't necessarily helpful. Maybe I'm just plain stupid or something, but if Terry or Garrett could point to the right RFC, internet-draft, FYI, or whatever, I'd be real happy.
In peace,
Bruce.
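
The source-port remapping and reverse mapping described in the quoted text, together with the port-exhaustion case the thread raises, as an added Python example that is not part of the original message. The class and method names, addresses and two-port range are hypothetical and constructed for illustration.

```python
# Added illustration; names are hypothetical and all addresses are constructed.
class PortExhausted(Exception):
    """No free port remains in the remapping range."""

class Masquerader:
    def __init__(self, public_ip, port_lo, port_hi):
        self.public_ip = public_ip
        self.free = list(range(port_hi, port_lo - 1, -1))  # pop() yields port_lo first
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of a packet leaving the inside network."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free:
                raise PortExhausted(f"no port left for {src_ip}:{src_port}")
            port = self.free.pop()
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Reverse-map a reply; None means no mapping exists, so drop it."""
        return self.back.get((proto, dst_port))

    def expire(self, proto, src_ip, src_port):
        """Release a mapping (idle timeout or connection close)."""
        port = self.out.pop((proto, src_ip, src_port), None)
        if port is not None:
            del self.back[(proto, port)]
            self.free.append(port)

def demo():
    nat = Masquerader("192.0.2.1", 61000, 61001)   # two-port range, constructed
    a = nat.outbound("tcp", "10.0.0.5", 1025)
    b = nat.outbound("tcp", "10.0.0.6", 1025)      # same inside port, different host
    reply = nat.inbound("tcp", b[1])
    stray = nat.inbound("tcp", 62000)              # nothing mapped: dropped
    try:
        nat.outbound("tcp", "10.0.0.7", 1025)
        exhausted = False
    except PortExhausted:
        exhausted = True
    nat.expire("tcp", "10.0.0.5", 1025)
    c = nat.outbound("tcp", "10.0.0.7", 1025)      # reuses the released port
    return a, b, reply, stray, exhausted, c

if __name__ == "__main__":
    print(demo())
```

A third inside host fails with `PortExhausted` until an existing mapping is released, and an inbound packet to a port with no mapping has no inside destination at all.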





