Date:      Sat, 18 May 1996 08:43:34 -0700
From:      bmah@cs.berkeley.edu (Bruce A. Mah)
To:        Tony Kimball <alk@think.com>
Cc:        terry@lambert.org, questions@freebsd.org, archie@whistle.com
Subject:   Re: ip masquerading 
Message-ID:  <199605181543.IAA04246@premise.CS.Berkeley.EDU>
In-Reply-To: Your message of "Fri, 17 May 1996 21:46:48 CDT." <199605180246.VAA00761@compound.Think.COM> 

Tony Kimball writes:

>   From: Terry Lambert <terry@lambert.org>
>   Date: Fri, 17 May 1996 18:13:39 -0700 (MST)
>   Subject: Re: ip masquerading
> 
>   > You give all of the outgoing
>   > packets the same IP address but remap their source ports so when
>   > traffic comes back you know who it is really destined for, do the
>   > reverse mapping, etc..
> 
>   Which is to say, you turn on IP forwarding by default (which is illegal)
>   and rewrite the packet source headers on the way in and out (which is
>   also illegal).
> 
> If anyone knows how these actions are in violation of a requirement,
> I'd surely appreciate a pointer to the pertinent rfc.  They are part
> of the implementation of the IP stack on the host, which in this case
> is the *system* incorporating the masquerading server and client.
> Internet requirements documents do not specify implementation, merely
> interface.

You're not alone...I'm trying to figure this out too.  I've been 
looking through RFC 1122 (Host Requirements - Communications Layers) 
and RFC 1812 (Requirements for IP Version 4 Routers).  I think these 
are probably the right places to find info related to this topic, but 
so far I haven't found it.

All I've been able to confirm so far is that turning on IP forwarding 
by default *is* illegal, by section 3.1 of RFC 1122.  It's not clear to 
me that IP masquerading violates this requirement.

>   > At least under the (not always valid) assumption that you don't run
>   > out of ports in your remapping range. What standards in particular are
>   > you referring to?
> 
>   1)	Gateway
>   2)	Routing
> 
>   Garrett explained this all before.
> 
> I haven't been able to find anything in the archives.  If you have
> it cached anywhere or can suggest a more apposite keyword, I would
> appreciate it.

A search for "masquerading and garrett" across all the FreeBSD archives 
uncovered one previous discussion on this topic, but no reference to an 
RFC.  Ditto for "masquerading and rfc".

I can understand people's opposition to IP masquerading.  Indeed, I 
share a lot of these opinions...I suppose above everything else, this 
idea just plain feels wrong!  I'd really like to have something 
concrete to go on though, but citing "All the routing RFCs" and 
"Garrett explained this all before" isn't necessarily helpful.  Maybe 
I'm just plain stupid or something, but if Terry or Garrett could point 
to the right RFC, internet-draft, FYI, or whatever, I'd be real happy.

In peace,

Bruce.
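
The port remapping and reverse mapping described in the quoted text above, including the case where the remapping range runs out of ports, as an added example that is not part of the original thread. It is a toy Python model: the class and method names, the addresses, the port range and the idle timeout are all constructed assumptions, not any FreeBSD implementation.

```python
import time

class PortsExhausted(Exception):
    """No free port is left in the remapping range."""

class Masquerader:
    """Toy port-remapping NAT; all names and values here are constructed."""
    def __init__(self, public_ip, port_lo, port_hi, idle_timeout=300.0):
        self.public_ip = public_ip
        self.free = list(range(port_hi, port_lo - 1, -1))  # pop() gives lowest
        self.idle_timeout = idle_timeout
        self.out = {}   # (proto, inside_ip, inside_port) -> public_port
        self.back = {}  # (proto, public_port) -> [inside_ip, inside_port, last_seen]

    def _expire(self, now):
        # Reclaim ports of idle flows so the range is not held forever.
        for (proto, pub), (ip, port, seen) in list(self.back.items()):
            if now - seen > self.idle_timeout:
                del self.back[(proto, pub)]
                del self.out[(proto, ip, port)]
                self.free.append(pub)

    def outbound(self, proto, src_ip, src_port, now=None):
        """Rewrite an outgoing packet's source; returns (public_ip, public_port)."""
        now = time.monotonic() if now is None else now
        flow = (proto, src_ip, src_port)
        if flow not in self.out:
            self._expire(now)
            if not self.free:
                raise PortsExhausted(f"no port left for {flow}")
            self.out[flow] = self.free.pop()
        pub = self.out[flow]
        self.back[(proto, pub)] = [src_ip, src_port, now]
        return self.public_ip, pub

    def inbound(self, proto, dst_port, now=None):
        """Reverse-map a reply; None means no mapping, so the packet is dropped."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None
        entry[2] = now
        return entry[0], entry[1]

if __name__ == "__main__":
    nat = Masquerader("192.0.2.1", 40000, 40001)  # constructed addresses
    print(nat.outbound("tcp", "10.0.0.2", 1025))   # first inside host
    print(nat.inbound("tcp", 40000))               # reply is reverse-mapped
```

Two inside hosts using the same source port get distinct public ports, a packet arriving on a port with no mapping has no inside destination, and a new flow fails outright once every port in the range is held by a live mapping.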
