From owner-freebsd-questions Sat May 18 11:06:19 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id LAA12071 for questions-outgoing; Sat, 18 May 1996 11:06:19 -0700 (PDT)
Received: from horst.bfd.com (horst.bfd.com [204.160.242.10])
    by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id LAA12062 for ;
    Sat, 18 May 1996 11:06:16 -0700 (PDT)
Received: from harlie.bfd.com (bastion.bfd.com [204.160.242.2])
    by horst.bfd.com (8.7.5/8.7.3) with SMTP id LAA15662;
    Sat, 18 May 1996 11:10:57 -0700 (PDT)
Date: Sat, 18 May 1996 11:07:09 -0700 (PDT)
From: "Eric J. Schwertfeger"
To: Terry Lambert
cc: Archie Cobbs , terry@lambert.org, dwhite@riley-net170-164.uoregon.edu,
    clintm@ICSI.Net, FreeBSD-Questions@freebsd.org
Subject: Re: ip masquerading
In-Reply-To: <199605180113.SAA21448@phaeton.artisoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 17 May 1996, Terry Lambert wrote:

> Which is to say, you turn on IP forwarding by default (which is illegal)
> and rewrite the packet source headers on the way in and out (which is
> also illegal).
> Writing a socks client that hooks to a tunnel driver on the machine
> that needs the masquerading is a better solution, and it doesn't
> require kernel hacks to get there (or source hacks for statically
> linked binaries, like normal socks does). And it does it without
> violating the world.
>
> I guess you would need to write a tunnel client daemon (instead of
> putting in about twice as much work to write IP masquerading, as
> well as dragging the poor kernel into the mess).
>
> Seems like that would provide the same capability for less effort
> with fewer drawbacks -- but would require an OS (like FreeBSD) with
> tunnel drivers to make it work.

And as I've said before, Sorry, I don't have the source to Win95, so I can't do that.

I agree that masquerading isn't a fix-all, or even the preferred method of handling this, but until Socks5 is to the point that it can "socksify" programs that I don't have source for, without interfering with regular operations, and do this under OS/2, Windows 3.X, NT, and Win95, then my choice is to run Linux on our firewall and use masquerading, or to spend a few weeks of time that I haven't got figuring out how to proxy a bunch of non-standard services for apps that I haven't got source for.