Date: Fri, 03 Sep 1999 17:14:09 -0500
From: Jeremy McMillan <aphor@ripco.NOSPAM.com>
To: Derrick <dlow3@earthlink.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Help with masquerading hybrid cable modem connection
Message-ID: <37D04831.DFA04B3F@ripco.NOSPAM.com>
References: <37CF7CF0.AD0B0A4F@earthlink.net>

Is there a newbies' IP FAQ somewhere? This guy (and a LOT of people trying to set up NAT boxen in general) is way over his head.

A basic concept of IP is that your computer, and any router/gateway, and the server out there all arbitrate the path each IP packet takes. If there are multiple paths, packets for one network session can be sent down every one of those paths. When (and if) the destination host gets the packets, they will probably be in the wrong order.

Imagine packets are a deck of cards. One word of an email is written on each card from the ace, to the two, three, four, etc. Several dealers all shuffle and cut and pass portions of the deck around amongst themselves in a random way, but each time a card comes your way you grab it and sort your pile. Like solitaire, you have to make piles of cards in exact sequence, which you can read your email from.

There is a dealer on the other side of your cablemodem to give you lots of cards quickly, but he will never take any cards from you. Across your modem, there is another dealer who will take cards from you, but he deals s l o w l y .

Routes: Lucky for you, the crowd of dealers out there gets told (by your ISP) that the fast dealer is the only guy who knows how to reach you. You, on the other hand, know that the modem guy is how you reach the outside world.

ipfw: Standard firewall rulesets are deny-by-default, meaning if you don't explicitly OK it, it gets dropped. These often assume you have *one* legitimate route to the Internet. You may have to add rules to accommodate the dual-homed connection to the Internet. This includes rules which divert packets to the NAT daemon.

NAT: It doesn't care unless you're doing funky static NAT...

--
PLEASE NOTICE: THERE MAY BE NOSPAM IN THE HEADERS WHEN YOU HIT "REPLY"!!!
Jeremy McMillan <aphor at ripco.com> | Ask for PGP-2.6.2 or 5.0i
Chicago FreeBSD Users Group http://pages.ripco.com/~aphor/ChiFUG.html
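
Added example, not part of the original message: a simplified first-match model of a deny-by-default ruleset (not real ipfw syntax) showing why a ruleset written for one Internet interface drops the replies that arrive on the other. The interface names tun0 (modem uplink) and ed0 (cable downlink), the rule numbers, and the rule layout are assumptions made for illustration.

```python
from collections import namedtuple

# Simplified model only. Assumed names: tun0 = dial-up modem (uplink),
# ed0 = one-way cable interface (downlink). iface None means "any".
Rule = namedtuple("Rule", "num action direction iface")
Packet = namedtuple("Packet", "direction iface")

def evaluate(rules, pkt):
    """Walk rules in numeric order; first allow/deny match wins.

    A matching divert rule hands the packet to the NAT daemon, after
    which evaluation continues with the following rule.
    Returns (verdict, was_diverted).
    """
    diverted = False
    for rule in sorted(rules):
        if rule.direction not in ("any", pkt.direction):
            continue
        if rule.iface not in (None, pkt.iface):
            continue
        if rule.action == "divert":
            diverted = True
            continue
        return rule.action, diverted
    return "deny", diverted  # nothing matched: dropped by default

# Ruleset that assumes ONE legitimate route to the Internet (tun0).
SINGLE_HOMED = [
    Rule(100, "divert", "any", "tun0"),
    Rule(200, "allow", "any", "tun0"),
    Rule(65535, "deny", "any", None),
]

# Same policy extended for the hybrid link: out via tun0, back in via ed0.
DUAL_HOMED = [
    Rule(100, "divert", "out", "tun0"),
    Rule(110, "divert", "in", "ed0"),
    Rule(200, "allow", "out", "tun0"),
    Rule(210, "allow", "in", "ed0"),
    Rule(65535, "deny", "any", None),
]

REQUEST = Packet("out", "tun0")  # constructed sample: request leaves by modem
REPLY = Packet("in", "ed0")      # constructed sample: reply returns by cable

if __name__ == "__main__":
    for name, rules in (("single-homed", SINGLE_HOMED), ("dual-homed", DUAL_HOMED)):
        print(name, "request:", evaluate(rules, REQUEST), "reply:", evaluate(rules, REPLY))
```

In the model the single-homed ruleset drops the reply before it ever reaches the NAT daemon, so it is never translated back to the inside host; the dual-homed ruleset diverts and allows it on the interface where it actually arrives.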