From owner-freebsd-questions Sat May 18 21:14:49 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id VAA19079 for questions-outgoing; Sat, 18 May 1996 21:14:49 -0700 (PDT)
Received: from ICSI.Net (root@ns2.ICSI.Net [199.1.96.110]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA19062 for ; Sat, 18 May 1996 21:14:43 -0700 (PDT)
Received: from clintm.icsi.net by ICSI.Net (5.x/SMI-SVR4) id AA05486; Sat, 18 May 1996 23:14:05 -0500
Message-Id: <319EAD38.3F54BC7E@icsi.net>
Date: Sun, 19 May 1996 00:10:16 -0500
From: Clint Marek
X-Mailer: Mozilla 3.0b3 (X11; I; FreeBSD 2.1.0-RELEASE i386)
Mime-Version: 1.0
To: Archie Cobbs
Cc: terry@lambert.org, dwhite@riley-net170-164.uoregon.edu, FreeBSD-Questions@FreeBSD.org, bmah@cs.berkeley.edu
Subject: Re: ip masquerading
References: <199605182006.NAA05459@bubba.whistle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Archie Cobbs wrote:
> You seem to be implying that masquerading is ``detectable'' in some
> way by external machines, that is, that somehow it's going to screw
> up (or make angry) other routers on the Internet. This completely
> escapes me.
>
> In other words, if you're saying it violates some protocol, then that
> violation should be visible on the wire between the masquerading host
> and the rest of the Internet. Can you describe what that violation is?
>
> Remember, we're talking about a situation where the hosts behind the
> masquerading host are on a ``leaf'' network, without any other route
> to the Internet. Obviously, it would be totally screwy otherwise.
>
> So as far as the Internet, the IETF, the protocol police, and everybody
> else is concerned, there's only a single host at this site and it's
> obeying all the rules! If you disagree, then the burden of proof is on
> you to quote the relevant RFC's.
>

This is what I was using masquerading for. I did not want the possibility
of a connection being initiated from the internet. I used reserved
"unrouteable" IPs (192.168.*.*) on the ethernet, and my
gateway/router/masquerader/firewall was my PC connected to the net via PPP.

I was not aware that masquerading was unique/specific to Linux. Does the
router-in-a-box from BSDi use socks? They advertise needing only one IP
address to connect an ethernet to the internet.

BTW, the Linux masquerading home page is http://www.indyramp.com/masq/

Clint
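
[Added example, not part of the original message or of any masquerading implementation: a toy port-translating table showing the two properties discussed in this thread, that every packet on the outside wire carries the single gateway address, and that an inbound packet with no matching outbound flow is dropped. PUBLIC_IP, the starting port and all packet values are constructed assumptions.]

```python
# Added illustration: a toy masquerading (port-translating) table.
# PUBLIC_IP, first_port and every packet below are constructed for this example.
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"  # assumed address of the PPP link (documentation range)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Masquerader:
    def __init__(self, public_ip, first_port=61000):  # first_port is arbitrary
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (inside ip, inside port, remote ip, remote port) -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the leaf network; create state if the flow is new."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate a reply back to the inside host, or return None (drop)."""
        if pkt.dst != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if inside is None:
            return None  # no matching outbound flow: unsolicited, dropped
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])


def demo():
    nat = Masquerader(PUBLIC_IP)
    a = nat.outbound(Packet("192.168.1.10", 1025, "198.51.100.5", 80))
    b = nat.outbound(Packet("192.168.1.11", 1025, "198.51.100.5", 80))
    reply = nat.inbound(Packet("198.51.100.5", 80, PUBLIC_IP, b.sport))
    probe = nat.inbound(Packet("198.51.100.9", 4444, PUBLIC_IP, b.sport))
    return a, b, reply, probe
```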