From owner-freebsd-questions  Sun May 19 07:30:16 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA28829
          for questions-outgoing; Sun, 19 May 1996 07:30:16 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id HAA28820
          for <FreeBSD-Questions@freebsd.org>; Sun, 19 May 1996 07:30:11 -0700 (PDT)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id AAA19059; Mon, 20 May 1996 00:11:00 +0930
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199605191441.AAA19059@genesis.atrad.adelaide.edu.au>
Subject: Re: ip masquerading
To: ejs@bfd.com (Eric J. Schwertfeger)
Date: Mon, 20 May 1996 00:10:59 +0930 (CST)
Cc: terry@lambert.org, archie@whistle.com, dwhite@riley-net170-164.uoregon.edu,
        clintm@ICSI.Net, FreeBSD-Questions@freebsd.org
In-Reply-To: <Pine.BSF.3.91.960518105811.17730A-100000@harlie.bfd.com> from "Eric J. Schwertfeger" at May 18, 96 11:07:09 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Eric J. Schwertfeger stands accused of saying:
> And as I've said before, Sorry, I don't have the source to Win95, so I 
> can't do that.  I agree that masquerading isn't a fix-all, or even the 
> prefered method of handling this, but until Socks5 is to the point that 
> it can "socksify" programs that I don't have source for, without 
> interferring with regular operations, and do this under OS/2, Windows 
> 3.X, NT, and Win95, then my choice is to run linux on our firewall and 
> use masquerading, or to spend a few weeks of time that I haven't got 
> figuring out how to proxy a bunch of non-standard services for apps that 
> I haven't got source for.

Netscape supports SOCKS on all platforms.  For OS/2, WebEx, Kermit
(I believe telnet, but nobody in their right mind uses it) and Gopher
grok SOCKS at least.

I think this covers about 99% of your firewalled-client requirements.

Allowing firewalled systems access to the outer network is Bad Practise.

If you're adamant about packet rewriting (fool), then I believe that
ipfilt (Darren Reed?) offers this functionality in it's NPT module.

Hit the lists archive if you're really desperate, or get with the Program.

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[