Date: Wed, 6 Jun 2001 22:33:10 -0500
From: Dan Nelson <dnelson@emsphone.com>
To: Doug Lee <dgl@visi.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Shared IP, real-time packet editing, or best offer...?
Message-ID: <20010606223310.A28508@dan.emsphone.com>
In-Reply-To: <20010606222424.A4331@kirk.sector14.net>
References: <20010606222424.A4331@kirk.sector14.net>
In the last episode (Jun 06), Doug Lee said:
> I want to do something a bit beyond NAT:
>
> MSN Messenger's audio protocol and at least the IRC DCC protocols
> I've seen send a workstation's IP address inside the data section of
> a TCP packet. When the workstation's address is NATed and private,
> this translates to communication failure, since the unsuspecting
> machine at the other end has no way to route a packet back to the
> workstation.
>
> I can think of two possible solutions to this: (1) sharing the public
> IP such that the workstation believes it owns the address but really
> only owns the address on certain ports, or (2) editing packets as
> they go by and possibly triggering actions, such as firewall
> modification, based on data patterns in packets.

Option 2 has already been implemented for quite a few protocols and is
already used in /sbin/natd and /usr/sbin/ppp in the form of the "alias"
library. Take a look at /usr/src/lib/libalias and the libalias manpage.
It already handles IRC, and assuming you could figure out the protocol
for Messenger, adding new modules is pretty easy.

-- 
	Dan Nelson
	dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
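An added illustration of the payload rewriting discussed in this thread, not part of the original e-mail and not libalias code: a NAT helper that replaces the private address and port embedded in an IRC DCC offer with the public alias. The function name `rewrite_dcc`, the sample addresses, and the assumption that the CTCP portion has already been extracted and has a file name without spaces are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rewrite the address and port inside one CTCP DCC offer of the form
 *   \001DCC <type> <arg> <ip as decimal u32> <port>[ <size>]\001
 * Returns 1 if rewritten into out, 0 if left alone (not a DCC offer, or the
 * embedded address is not the inside host), -1 if malformed or too long. */
int rewrite_dcc(const char *in, uint32_t priv_ip, uint32_t alias_ip,
                uint16_t alias_port, char *out, size_t outlen)
{
    char type[16], arg[128], sep, rest[64];
    unsigned long long ip;
    unsigned port;
    int n = 0;

    if (strncmp(in, "\001DCC ", 5) != 0)
        return 0;
    /* Every field width is bounded: the payload is untrusted input. */
    if (sscanf(in + 5, "%15s %127s %10llu%c%5u%n",
               type, arg, &ip, &sep, &port, &n) != 5 || sep != ' ')
        return -1;
    if (ip > 0xffffffffULL || port == 0 || port > 65535)
        return -1;
    const char *tail = in + 5 + n;      /* optional " <size>", then \001 */
    size_t tl = strcspn(tail, "\001");
    if ((tail[0] != ' ' && tail[0] != '\001') || tail[tl] != '\001' ||
        tl >= sizeof rest)
        return -1;
    if ((uint32_t)ip != priv_ip)
        return 0;                       /* not our inside host: pass through */
    memcpy(rest, tail, tl);
    rest[tl] = '\0';
    /* The length may change, so a real NAT must also adjust TCP sequence
     * numbers and checksums for the rest of the connection. */
    int w = snprintf(out, outlen, "\001DCC %s %s %lu %u%s\001", type, arg,
                     (unsigned long)alias_ip, (unsigned)alias_port, rest);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 1;
}

int main(void)
{
    /* Constructed sample: 3232235786 is 192.168.1.10, 3405803781 is 203.0.113.5 */
    char out[256];
    int rc = rewrite_dcc("\001DCC SEND notes.txt 3232235786 5000 1024\001",
                         3232235786u, 3405803781u, 40000, out, sizeof out);
    printf("rc=%d len=%zu\n", rc, rc == 1 ? strlen(out) : (size_t)0);
    return 0;
}
```

The rewritten offer only works if the NAT also maps the advertised alias port back to the inside host's listening port, which is the "triggering actions" half of option 2.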