From owner-freebsd-current Tue Apr 23 00:02:29 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA09119 for current-outgoing; Tue, 23 Apr 1996 00:02:29 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id AAA09113 for ; Tue, 23 Apr 1996 00:02:23 -0700 (PDT)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id QAA09490; Tue, 23 Apr 1996 16:26:58 +0930
From: Michael Smith
Message-Id: <199604230656.QAA09490@genesis.atrad.adelaide.edu.au>
Subject: Re: socks support native in freebsd?
To: terry@lambert.org (Terry Lambert)
Date: Tue, 23 Apr 1996 16:26:58 +0930 (CST)
Cc: msmith@atrad.adelaide.edu.au, terry@lambert.org, pst@shockwave.com, current@FreeBSD.org
In-Reply-To: <199604230633.XAA18930@phaeton.artisoft.com> from "Terry Lambert" at Apr 22, 96 11:33:29 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Terry Lambert stands accused of saying:
> >
> > This is total crap. How can you possibly implement what Socks does
> > using a "tunnel"? Socks provides a standards-friendly means of
> > hiding unroutable hosts behind a routed firewall. It provides
> > healthy amounts of logging, and good configuration flexibility.
>
> By IP tunneling the default route to the socksd that then forwards
> it to the forwarding host using a static route to the real interface.

How is this different from the already-deemed-evil Linux "IP Masquerading"?
The 'tunnel' approach either requires a socks-like protocol, which requires
application (or library) support, or it rewrites packet headers.

> Local routes can also go to the local linterface statically, by net.

Heh. That's the linterface that uses static to collect dropped routes? 8)

> > Given the popularity of firewalls these days, this would be a Big Plus.
>
> First, he was talking about implementing it on a per application
> basis via the makefile hack that is recommended by the socks
> package.

Actually, Paul was talking about 'whatever is state-of-the-art'. Witness
the upcoming back-outs of the initial socks-4 stuff, and the implementation
of the (optional) socks-5 shared-library features.

> Second, this is an atypical network configuration, and the average
> user should not have to pay for it in their libc.

*snort*. There are a million warts that the 'average user' pays for
already in their libc. I would suggest that any overhead that
Socks-awareness would impose on the (small) number of relevant system
calls would be noise against interrupt latency on the average network
interface.

> > ...except that Netscape (at the least) already supports Socks, and in fact
> > goes so far as to support making TCP DNS queries so that a UDP proxy isn't
> > required.
>
> Fine. Pick a binary program other than Netscape which does not support
> socks.

Hmm. Microsoft Explorer, perhaps.

> Terry Lambert

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[