From owner-freebsd-questions Fri May 17 18:07:11 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id SAA07383 for questions-outgoing; Fri, 17 May 1996 18:07:11 -0700 (PDT)
Received: from whistle.com ([207.76.205.131]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id SAA07378 for ; Fri, 17 May 1996 18:07:09 -0700 (PDT)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id SAA21498; Fri, 17 May 1996 18:06:34 -0700 (PDT)
X-Authentication-Warning: whistle.com: smap set sender to using -f
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma021494; Fri May 17 18:06:09 1996
Received: (from archie@localhost) by bubba.whistle.com (8.6.12/8.6.12) id SAA00742; Fri, 17 May 1996 18:06:08 -0700
From: Archie Cobbs
Message-Id: <199605180106.SAA00742@bubba.whistle.com>
Subject: Re: ip masquerading
To: terry@lambert.org (Terry Lambert)
Date: Fri, 17 May 1996 18:06:07 -0700 (PDT)
Cc: dwhite@riley-net170-164.uoregon.edu, clintm@ICSI.Net, FreeBSD-Questions@freebsd.org
In-Reply-To: <199605172123.OAA20745@phaeton.artisoft.com> from "Terry Lambert" at May 17, 96 02:23:27 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > > Is ip masquerading available for FreeBSD? I would like to route
> > > my Amiga (via NetBSD/ethernet) through my PC (FreeBSD), and I
> > > only have one IP address. I had this set up in Linux, but after
> > > I had a disk crash (which I don't think was Linux-related) I
> > > would like to give FreeBSD a try. If there is no masquerading
> > > available, is it being worked on?
> >
> > AFAIK, FreeBSD doesn't provide this capability. I doubt it ever will, since
> > IP masquerading was considered "evil" by some of the group :-)
>
> Actually, the only people who believe that it is evil are those
> of us who believe FreeBSD should comply with IETF standards so
> that the backbone routers don't refuse to connect us to the
> Internet.
>
> Which is to say, everyone who understands the problem.

Hmmm... guess I don't understand the problem. :-)

Just to make sure we're talking about the same thing, ``masquerading''
means using remapped TCP and UDP port numbers to facilitate internal
hosts connecting to external servers, even though you only have one
machine really talking to the Internet. You give all of the outgoing
packets the same IP address but remap their source ports so when
traffic comes back you know who it is really destined for, do the
reverse mapping, etc.

Now, as far as the rest of the Internet is concerned, it just looks
like your one IP address happens to be generating a lot of traffic, no?
At least under the (not always valid) assumption that you don't run
out of ports in your remapping range.

What standards in particular are you referring to?

Of course, some protocols (which embed address information in the
packets, like FTP) will not work through this kind of hackery without
even more hackery, but at least it provides a capability to certain
folks who didn't have it before. Seems like it would be one's own
business whether they did masquerading or not.

-Archie

___________________________________________________________________________
Archie L. Cobbs, archie@whistle.com * Whistle Communications Corporation
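
The port remapping described in the message above, as an added example that is not part of the original post or of any FreeBSD code: a toy user-space model of a masquerading table in Python. The class name `MasqTable`, the port range and all addresses are assumptions chosen for illustration.

```python
# Added illustration: toy model of the source-port remapping ("masquerading")
# described in the message. Names, port range and addresses are assumptions.

class MasqTable:
    def __init__(self, public_ip, port_lo=61000, port_hi=61003):
        self.public_ip = public_ip
        self.free = list(range(port_lo, port_hi + 1))  # remapping range
        self.out = {}    # (proto, inside_ip, inside_port) -> public port
        self.back = {}   # (proto, public port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite an outgoing packet's source; returns (public_ip, port)."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free:
                # The "not always valid" assumption: the range can run out.
                raise RuntimeError("remapping range exhausted")
            port = self.free.pop(0)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Reverse mapping for a reply; None means no known flow, so drop."""
        return self.back.get((proto, dst_port))

    def expire(self, proto, src_ip, src_port):
        """Release a mapping (e.g. on idle timeout) and recycle its port."""
        port = self.out.pop((proto, src_ip, src_port), None)
        if port is not None:
            del self.back[(proto, port)]
            self.free.append(port)

def demo():
    # Constructed sample addresses (private and documentation ranges).
    nat = MasqTable("203.0.113.1")
    a = nat.outbound("tcp", "192.168.1.2", 1025)  # first inside host
    b = nat.outbound("tcp", "192.168.1.3", 1025)  # same source port, other host
    reply_a = nat.inbound("tcp", a[1])            # reply finds its way back
    unsolicited = nat.inbound("tcp", 80)          # nothing mapped: dropped
    return a, b, reply_a, unsolicited

if __name__ == "__main__":
    print(demo())
```

The table only rewrites addresses and ports in packet headers, which is why a protocol such as FTP that carries the inside address in its payload needs extra handling, as the message notes.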