Date: Thu, 2 Mar 2000 16:30:25 -0500 (EST)
From: Lowell Gilbert <lowell@world.std.com>
To: yurtesen@ispro.net.tr
Cc: questions@freebsd.org
Subject: Re: [freebsd-questions] connecting to a virtual ip address
Message-ID: <200003022130.QAA03587@world.std.com>
In-Reply-To: <Pine.BSF.4.21.0003022247270.20276-100000@finland.ispro.net.tr> (message from Evren Yurtesen on Thu, 2 Mar 2000 22:51:13 +0200 (EET))
References: <Pine.BSF.4.21.0003022247270.20276-100000@finland.ispro.net.tr>
   Date: Thu, 2 Mar 2000 22:51:13 +0200 (EET)
   From: Evren Yurtesen <yurtesen@ispro.net.tr>

   but then how come those people who have virtual ip addresses are able to
   connect to the outside world and download files etc. without any problem?
   I thought somehow the servers are sending the packets to their IP
   addresses but through the gateway which they use.

The difference between the two situations consists of whether the first packet of the connection is going out of the privately-addressed network or into it.

When someone connects *out* of the NAT'd network, the NAT daemon at the border, in rewriting and forwarding the packet, keeps track of the fact that it did so, and of the address-port combination of the two ends of the connection being established. Afterwards (and *only* afterwards) it can use that information to identify the packets coming back and know where to send them on the inside network.

In the case where you are trying to connect into the network from outside, the NAT daemon has no obvious way to figure out which inside machine should get the connection. In fact, a lot of people incorrectly think of NAT as a security feature for this reason. Usually, the only way to make an inside machine's telnet server visible from outside is by explicit configuration -- for example, the "redirect_port" or "redirect_address" features of FreeBSD's NATD.

In normal operation, NAT depends on being able to identify packets as being part of a particular connection. That leads to a number of limitations: it doesn't work well for connectionless protocols, it doesn't work well for incoming connections, and protocols with multiple connections tend to require the NAT code to have knowledge of the protocol's internals.

Be well.

> > My friend is behind a dialup connection which uses ip masquerading
> > he has FreeBSD installed in his machine and his ip address is something
> > like 192.168.1.10
> > How can I make telnet to his machine when I know the gateway address?
>
> There isn't necessarily any way to do so.
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
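The state tracking described in the message above, as an added example that is not part of the original e-mail and is not natd's code: a minimal Python model of a NAT translation table, showing why a reply to an outbound connection is delivered while an unsolicited inbound connection has no inside destination until a static mapping exists. The class, its method names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration; `redirect_port` here only models the idea behind the natd feature of that name.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000                       # next free public-side port
    out_map: dict = field(default_factory=dict)  # inside flow -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote ip, remote port) -> inside host
    static: dict = field(default_factory=dict)   # public port -> inside host (explicit config)

    def outbound(self, src, sport, dst, dport):
        """Inside host sends a packet: rewrite the source and remember the flow."""
        key = (src, sport, dst, dport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst, dport)

    def inbound(self, src, sport, dport):
        """Packet from src:sport arrives at public_ip:dport; return the inside target or None."""
        hit = self.in_map.get((dport, src, sport))
        if hit is not None:
            return hit                            # matches state created by outbound()
        return self.static.get(dport)             # None: no way to pick an inside machine

    def redirect_port(self, public_port, inside_ip, inside_port):
        """Explicit configuration: always forward public_port to one inside host."""
        self.static[public_port] = (inside_ip, inside_port)

def demo():
    nat = Nat("203.0.113.1")                      # constructed public address
    r = {}
    # 192.168.1.10 (the inside address from the thread) connects out to a web server.
    r["out"] = nat.outbound("192.168.1.10", 1025, "198.51.100.7", 80)
    # The server's reply matches both ends of the recorded flow.
    r["reply"] = nat.inbound("198.51.100.7", 80, 40000)
    # A different remote host hitting the same public port matches nothing.
    r["stranger"] = nat.inbound("198.51.100.9", 80, 40000)
    # Telnet from outside: no state exists, so there is no inside destination.
    r["unsolicited"] = nat.inbound("198.51.100.9", 3333, 23)
    # After explicit configuration the same packet has a destination.
    nat.redirect_port(23, "192.168.1.10", 23)
    r["redirected"] = nat.inbound("198.51.100.9", 3333, 23)
    return r

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```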