Date: Sat, 18 May 1996 12:27:16 +0000 () From: francis yeung <fyeung@fyeung5.netific.com> To: questions@freebsd.org Subject: Re: ip masquerading Message-ID: <199605181227.MAA21394@fyeung5.netific.com>
next in thread | raw e-mail | index | archive | help
> > Greetings, > > On Fri, 17 May 1996, Terry Lambert wrote: > > > Which is to say, you turn on IP forwarding by default (which is illegal) > > and rewrite the packet source headers on the way in and out (which is > > also illegal). > > > Writing a socks client that hooks to a tunnel driver on the machine > > that needs the masquerading is a better solution, and it doesn't > > require kernel hacks to get there (or source hacks for statically > > linked binaries, like normal socks does). And it does it without > > violating the world. > > > > I guess you would need to write a tunnel client daemon (instead of > > putting in about twice as much work to write IP masquerading, as > > well as dragging the poor kernel into the mess). > > > > Seems like that would provide the same capability for less effort > > with fewer drabacks -- but would require an OS (like FreeBSD) with > > tunnel drivers to make it work. > > > Actaully, I have been using (hacked) tcprelay/ftprelay and udprelay to do the similiar thing in FreeBSD. The following approaches may not be 100% identical but some of the objectives are similiar: o Socks - Socks 5 and earlier need sockified clients. - one step process o Fwtk - owned by TIS and needed 2 steps processes o Applications Proxies e.g. Delegate, CERN etc. - good solutions but hard to find one to cover all applications, except Delegate which is very buggy. o tcprelay/udprelay - reasonable soluton. - Almost 1 step e.g. ftp tcprelay 8021 where tcprelay is a gateway machine. o NAT - 1 IP address if this is the objective. None of those mentioned above (except NAT) need kernal modification . One thing that I have not tried is IPIP which can do similiar things. Francis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605181227.MAA21394>