From owner-freebsd-questions Thu Mar 2 13:30:33 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from europe.std.com (europe.std.com [199.172.62.20]) by hub.freebsd.org (Postfix) with ESMTP id 1441D37BD7B for ; Thu, 2 Mar 2000 13:30:30 -0800 (PST) (envelope-from lowell@world.std.com)
Received: from world.std.com (lowell@world-f.std.com [199.172.62.5]) by europe.std.com (8.9.3/8.9.3) with ESMTP id QAA25803; Thu, 2 Mar 2000 16:30:26 -0500 (EST)
Received: (from lowell@localhost) by world.std.com (8.9.3/8.9.3) id QAA03587; Thu, 2 Mar 2000 16:30:25 -0500 (EST)
Date: Thu, 2 Mar 2000 16:30:25 -0500 (EST)
Message-Id: <200003022130.QAA03587@world.std.com>
From: Lowell Gilbert
To: yurtesen@ispro.net.tr
Cc: questions@freebsd.org
In-reply-to: (message from Evren Yurtesen on Thu, 2 Mar 2000 22:51:13 +0200 (EET))
Subject: Re: [freebsd-questions] connecting to a virtual ip address
References:
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Date: Thu, 2 Mar 2000 22:51:13 +0200 (EET)
> From: Evren Yurtesen
>
> But then how come those people who have virtual IP addresses are able to
> connect to the outside world and download files etc. without any problem?
> I thought somehow the servers are sending the packets to their IP addresses
> but through the gateway which they use.

The difference between the two situations consists of whether the first
packet of the connection is going out of the privately-addressed network
or into it.

When someone connects *out* of the NAT'd network, the NAT daemon at the
border, in rewriting and forwarding the packet, keeps track of the fact
that it did so, and of the address-port combination of the two ends of
the connection being established. Afterwards (and *only* afterwards) it
can use that information to identify the packets coming back and know
where to send them on the inside network.
In the case where you are trying to connect into the network from
outside, the NAT daemon has no obvious way to figure out which inside
machine should get the connection. In fact, a lot of people incorrectly
think of NAT as a security feature for this reason. Usually, the only
way to make an inside machine's telnet server visible from outside is by
explicit configuration -- for example, the "redirect_port" or
"redirect_address" features of FreeBSD's NATD.

In normal operation, NAT depends on being able to identify packets as
being part of a particular connection. That leads to a number of
limitations: it doesn't work well for connectionless protocols, it
doesn't work well for incoming connections, and protocols with multiple
connections tend to require the NAT code to have knowledge of the
protocol's internals.

Be well.

> > My friend is behind a dialup connection which uses IP masquerading.
> > He has FreeBSD installed on his machine and his IP address is something
> > like 192.168.1.10.
> > How can I telnet to his machine when I know the gateway address?
>
> There isn't necessarily any way to do so.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
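The connection-tracking behaviour described in the reply above, shown as a small Python model. This is an added illustration, not code from the message or from FreeBSD's natd: the `Nat` class, the `Packet` type and all addresses (192.168.1.10 from the thread, 203.0.113.1 and 198.51.100.7 from the RFC 5737 documentation ranges) are constructed for the example. An outbound first packet creates a table entry; a reply is accepted only if it matches the recorded address-port pair at both ends; an unsolicited inbound connection is dropped unless a static redirect (the natd "redirect_port" idea) names an inside host.

```python
"""Toy NAT connection tracker (constructed example, not natd's code).

Models the two cases from the mailing-list reply:
  1. inside host connects out -> mapping created, replies find their way back
  2. outside host connects in  -> no mapping, dropped unless explicitly redirected
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str            # "ip:port"
    dst: str            # "ip:port"
    syn: bool = False   # True for the first packet of a TCP connection


def _port_of(endpoint: str) -> int:
    return int(endpoint.rsplit(":", 1)[1])


class Nat:
    """Border NAT with a single public address and dynamic port allocation."""

    def __init__(self, public_ip: str,
                 redirects: Optional[Dict[Tuple[str, int], str]] = None):
        self.public_ip = public_ip
        self.next_port = 40000
        # (proto, public_port) -> (inside "ip:port", outside "ip:port")
        self.table: Dict[Tuple[str, int], Tuple[str, str]] = {}
        # (proto, inside, outside) -> public_port, to reuse an existing mapping
        self.reverse: Dict[Tuple[str, str, str], int] = {}
        # Static mappings, like natd's redirect_port: (proto, public_port) -> inside
        self.redirects = redirects or {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet and remember both ends."""
        key = (pkt.proto, pkt.src, pkt.dst)
        port = self.reverse.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.reverse[key] = port
            self.table[(pkt.proto, port)] = (pkt.src, pkt.dst)
        return Packet(pkt.proto, f"{self.public_ip}:{port}", pkt.dst, pkt.syn)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet, or return None to drop it."""
        port = _port_of(pkt.dst)
        entry = self.table.get((pkt.proto, port))
        # Only a packet from the recorded far end is treated as part of the connection.
        if entry is not None and entry[1] == pkt.src:
            inside, _outside = entry
            return Packet(pkt.proto, pkt.src, inside, pkt.syn)
        # No dynamic state: only an explicit redirect can name an inside host.
        target = self.redirects.get((pkt.proto, port))
        if target is not None:
            return Packet(pkt.proto, pkt.src, target, pkt.syn)
        return None


def demo():
    """Run the two scenarios; returns (outbound, reply, unsolicited, redirected)."""
    nat = Nat("203.0.113.1")
    # 1. Inside host 192.168.1.10 opens an HTTP connection to an outside server.
    out = nat.outbound(Packet("tcp", "192.168.1.10:1025", "198.51.100.7:80", syn=True))
    # The server's reply is addressed to the public side of the mapping.
    reply = nat.inbound(Packet("tcp", "198.51.100.7:80", out.src))
    # 2. The same outside host tries to telnet in: no state exists, so it is dropped.
    unsolicited = nat.inbound(Packet("tcp", "198.51.100.7:2000", "203.0.113.1:23", syn=True))
    # With an explicit redirect for port 23, the connection reaches the inside host.
    nat_redirect = Nat("203.0.113.1", redirects={("tcp", 23): "192.168.1.10:23"})
    redirected = nat_redirect.inbound(Packet("tcp", "198.51.100.7:2000", "203.0.113.1:23", syn=True))
    return out, reply, unsolicited, redirected


if __name__ == "__main__":
    for label, pkt in zip(("outbound", "reply", "unsolicited", "redirected"), demo()):
        print(f"{label:11s} -> {pkt if pkt else 'dropped'}")
```

The `redirects` table plays the role of a natd.conf line such as `redirect_port tcp 192.168.1.10:23 23`; without it the model, like the real daemon, has nothing to match an inbound SYN against and drops it. The source check in `inbound` is what the reply means by tracking "the address-port combination of the two ends": a packet to the right public port from the wrong outside host is not part of the connection.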