Date: Fri, 17 Nov 1995 21:41:10 -0800 (PST)
From: Donald Burr <d_burr@ix.netcom.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: IP Masquerading under FreeBSD?
Message-ID: <Pine.BSF.3.91.951117212959.689A-100000@ncc-1701-d>

Linux apparently has the ability to "masquerade" IP addresses, so that addresses from ANY machine on my network will appear, to the outside world, as coming from only one address.

For example: My home network uses the class C address 192.160.60.xxx. I connect to the outside world using PPP, and my PPP provider dynamically assigns me an address, usually in the range of (Class C) 204.32.201.xxx. BUT, my PPP provider DOES NOT know about my home-brew network (192.160.60.xxx), nor can they provide a static route to it.

Thus, accessing the outside world from 192.160.60.100 (which happens to be my FreeBSD machine, running ppp) works fine, BUT if I try to access the outside world from any of the various other DOS, Win95, OS/2, ... boxes in my house, it won't work, because, even though my FreeBSD machine forwards packets, the other internet machine I'm trying to communicate with doesn't have a clue as to how to reach the 192.160.60.xxx network.

What the IP_MASQUERADE thing that Linux implements does, is to "masquerade" packets coming from all machines on my 192.160.60.xxx network, dynamically "rewriting" them to "pretend" like they're all coming from one machine (mainly, the address that my PPP provider assigns me, 204.32.201.xxx.) THIS way, the machine I'm trying to talk to knows how to get to the 204.32.201.xxx net, and everything's happy.

The following blurb from the Linux NET-2-HOWTO file should (hopefully) better explain exactly what I'm trying to say:

-----cut here

13.11. IP_MASQUERADE - allow a number of hosts to pretend to be one.

If you are one of the many people who have some sort of local network at home, whether it be a couple of machines connected via a slip/plip/ppp link to each other, or a number of machines connected to a private ethernet network who also has a dial-up Internet connection, then you have probably at one time or another wanted the machines not directly connected to be able to communicate with the Internet.

This is normally achieved by getting a valid registered IP network address for your local network and asking your Internet Service Provider to kindly provide a network route to your network connection instead of the single host route they were previously providing. Unfortunately many Internet Service Providers will ask you to provide a good deal more dollars for the privilege of better utilising the bandwidth of your connection and you probably don't much like that idea.

IP_MASQUERADING provides a clever solution to this problem by making all of the machines on your network look like one very active networked machine. It does this by performing real-time, on the fly address translations.

Most of the code was authored by Pauline Middelink <middelin@polyware.iaf.nl>. Ken Eaves <keves@eves.com> provided most of the information contained below and also provides the facilities to run the `masq' mailing list, so if you find the following helpful, thank Ken.

-----cut here

Anyway, my question is: Does FreeBSD do something similar, if not identical? Is it currently available, or is it still "in the works"? And if so, where do I get it (what ftp site to grab the software from, etc.) and what software, specifically, do I need?

Any and all help appreciated, thanks!

Donald Burr [d_burr@ix.netcom.com], PO Box 91212, Santa Barbara CA 93190-1212
TEL (805)564-1871 // FAX 564-2315 // WWW http://www.physics.ucsb.edu/~dburr
PGP Public Key available by request (send e-mail) or Public Key Servers.
** Uphold your right to privacy - Use PGP. **
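
How the address rewriting described in the message above can work, as an added example that is not part of the original e-mail and is not Linux's or FreeBSD's code: a minimal port-translating table in Python. The inside hosts 192.160.60.101/.102, the assigned address 204.32.201.7, the remote server 198.51.100.10, the port pool and all names are constructed for illustration, and tracking flows by port is an assumption the message itself does not describe.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Masquerader:
    """Toy translation table (hypothetical class, for illustration only)."""
    public_ip: str                  # address the PPP provider assigned
    first_port: int = 61000         # assumed translation port pool,
    last_port: int = 61003          # kept tiny so exhaustion is visible
    out: dict = field(default_factory=dict)   # inside flow -> public port
    back: dict = field(default_factory=dict)  # public port -> inside flow

    def outbound(self, p: Packet) -> Optional[Packet]:
        """Rewrite a packet leaving the home network; None if the pool is full."""
        key = (p.src, p.sport, p.dst, p.dport)
        port = self.out.get(key)
        if port is None:
            pool = range(self.first_port, self.last_port + 1)
            port = next((c for c in pool if c not in self.back), None)
            if port is None:
                return None
            self.out[key], self.back[port] = port, key
        # The outside world only ever sees public_ip as the source.
        return Packet(self.public_ip, port, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Undo the rewrite for a reply; drop anything that matches no flow."""
        flow = self.back.get(p.dport)
        if p.dst != self.public_ip or flow is None:
            return None
        if (p.src, p.sport) != (flow[2], flow[3]):
            return None             # not the peer this flow was opened to
        return Packet(p.src, p.sport, flow[0], flow[1])

if __name__ == "__main__":
    nat = Masquerader("204.32.201.7")
    # Two inside hosts pick the same source port towards the same server.
    for host in ("192.160.60.101", "192.160.60.102"):
        print(nat.outbound(Packet(host, 1025, "198.51.100.10", 80)))
    # The reply to the second flow is steered back to 192.160.60.102.
    print(nat.inbound(Packet("198.51.100.10", 80, "204.32.201.7", 61001)))
```

Because inbound packets are only translated when they match an existing flow, hosts behind the gateway are not reachable by unsolicited connections from outside.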