61 messages in org.freebsd.freebsd-questionsRe: ip masquerading| From | Sent On | Attachments |
|---|---|---|
| Clint Marek | May 16, 1996 8:02 pm | |
| Doug White | May 17, 1996 11:33 am | |
| Tony Kimball | May 17, 1996 2:11 pm | |
| Terry Lambert | May 17, 1996 2:23 pm | |
| Tony Kimball | May 17, 1996 6:04 pm | |
| Archie Cobbs | May 17, 1996 6:05 pm | |
| Terry Lambert | May 17, 1996 6:13 pm | |
| Tony Kimball | May 17, 1996 7:46 pm | |
| Terry Lambert | May 17, 1996 10:48 pm | |
| Archie Cobbs | May 18, 1996 1:23 am | |
| francis yeung | May 18, 1996 5:26 am | |
| Bruce A. Mah | May 18, 1996 8:43 am | |
| Eric J. Schwertfeger | May 18, 1996 11:06 am | |
| Stephen Hovey | May 18, 1996 11:59 am | |
| Archie Cobbs | May 18, 1996 1:05 pm | |
| Terry Lambert | May 18, 1996 3:15 pm | |
| Clint Marek | May 18, 1996 10:09 pm | |
| Michael Smith | May 18, 1996 10:36 pm | |
| Tony Kimball | May 19, 1996 12:50 am | |
| Carl Makin | May 19, 1996 5:01 am | |
| Pedro A M Vazquez | May 19, 1996 6:01 am | |
| Michael Smith | May 19, 1996 7:40 am | |
| Charlie ROOT | May 19, 1996 4:37 pm | |
| Michael Smith | May 19, 1996 7:07 pm | |
| Garrett Wollman | May 20, 1996 7:40 am | |
| Bruce A. Mah | May 20, 1996 8:37 am | |
| Tony Kimball | May 20, 1996 11:48 am | |
| Jim Dennis | May 20, 1996 12:47 pm | |
| Garrett Wollman | May 20, 1996 1:29 pm | |
| Tony Kimball | May 20, 1996 1:36 pm | |
| Terry Lambert | May 20, 1996 3:22 pm | |
| Terry Lambert | May 20, 1996 3:28 pm | |
| Terry Lambert | May 20, 1996 3:32 pm | |
| Gary Palmer | May 20, 1996 3:34 pm | |
| Archie Cobbs | May 20, 1996 3:42 pm | |
| Terry Lambert | May 20, 1996 3:45 pm | |
| Terry Lambert | May 20, 1996 3:56 pm | |
| Terry Lambert | May 20, 1996 4:15 pm | |
| Tony Kimball | May 20, 1996 4:54 pm | |
| Tony Kimball | May 20, 1996 5:09 pm | |
| Bruce A. Mah | May 20, 1996 5:10 pm | |
| Bruce A. Mah | May 20, 1996 5:23 pm | |
| Tony Kimball | May 20, 1996 5:25 pm | |
| Michael Smith | May 20, 1996 6:38 pm | |
| Terry Lambert | May 20, 1996 6:47 pm | |
| Jim Dennis | May 20, 1996 8:13 pm | |
| Tony Kimball | May 20, 1996 8:24 pm | |
| Jim Dennis | May 20, 1996 9:14 pm | |
| Terry Lambert | May 20, 1996 9:30 pm | |
| Terry Lambert | May 20, 1996 9:34 pm | |
| Tony Kimball | May 20, 1996 10:02 pm | |
| Bruce A. Mah | May 20, 1996 10:12 pm | |
| Bruce A. Mah | May 20, 1996 10:44 pm | |
| Tony Kimball | May 20, 1996 10:47 pm | |
| M.R.Murphy | May 21, 1996 5:59 am | |
| Carl Makin | May 21, 1996 6:46 am | |
| Terry Lambert | May 21, 1996 10:40 am | |
| Terry Lambert | May 21, 1996 10:45 am | |
| Scott Blachowicz | May 22, 1996 9:28 am | |
| Pedro A M Vazquez | May 22, 1996 11:13 am | |
| Bill Fenner | May 22, 1996 11:45 am |
| Subject: | Re: ip masquerading | |
|---|---|---|
| From: | Tony Kimball (al...@Think.COM) | |
| Date: | May 17, 1996 7:46:28 pm | |
| List: | org.freebsd.freebsd-questions | |
From: Terry Lambert <ter...@lambert.org> Date: Fri, 17 May 1996 18:13:39 -0700 (MST) Subject: Re: ip masquerading
> You give all of the outgoing > packets the same IP address but remap their source ports so when > traffic comes back you know who it is really destined for, do the > reverse mapping, etc..
Which is to say, you turn on IP forwarding by default (which is illegal) and rewrite the packet source headers on the way in and out (which is also illegal).
If anyone knows how these actions are in violation of a requirement, I'd surely appreciate a pointer to the pertinent rfc. They are part of the implementation of the IP stack on the host, which in this case is the *system* incorporating the masquerading server and client. Internet requirements documents do not specify implementation, merely interface.
> Now, as far as the rest of the Internet is concerned, it just looks > like your one IP address happens to be generating a lot of traffic, no?
Prove it. Run traceroute through a masquerading host.
Clearly the implemenation would terminate the route at the masquerading host, yes? You would not trace through, but to, the Internet interface of the multi-host system.
> At least under the (not always valid) assumption that you don't run > out of ports in your remapping range. What standards in particular are > you referring to?
1) Gateway 2) Routing
Garrett explained this all before.
I haven't been able to find anything in the archives. If you have it cached anywhere or can suggest a more apposite keyword, I would appreciate it.
Frankly, I just don't believe it. You may write an implementation of masquerading which is deficient, and causes your host to violate requirements, in which case you are a turd and I sniff at you, or you may write an implementation which is not deficient, in which case the masquerade client is (for rfc purposes) a *part*of* your masquerade server, and the *system* fulfills host requirements -- and that is all that is necessary, for it is the *system* (incorporating an internetwork as a component) which is connected to the Internet.
Writing a socks client that hooks to a tunnel driver on the machine that needs the masquerading is a better solution, and it doesn't require kernel hacks to get there (or source hacks for statically linked binaries, like normal socks does). And it does it without violating the world.
Ah, but it requires running FreeBSD on my toaster, my Amiga, my lawnmower, in short everything I have that does IP traffic. Sorry, but my toaster is not going to fulfill host requirements. In order to conform to rfcs, I need something to provide masquerade for my toaster, otherwise I will never be able to turn of the stupid thing when I'm in Bangkok, and the flaming pop-tarts will burn down my house.