From owner-freebsd-ipfw Fri Sep 3 15:14:52 1999
Message-ID: <37D04831.DFA04B3F@ripco.NOSPAM.com>
Date: Fri, 03 Sep 1999 17:14:09 -0500
From: Jeremy McMillan
Reply-To: aphor@ripco.NOSPAM.com
Organization: Loose..
To: Derrick
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Help with masquerading hybrid cable modem connection
References: <37CF7CF0.AD0B0A4F@earthlink.net>

Is there a newbies' IP FAQ somewhere? This guy (and a LOT of people trying to set up NAT boxen in general) is way over his head.

A basic concept of IP is that your computer, and any router/gateway, and the server out there all arbitrate the path each IP packet takes. If there are multiple paths, packets for one network session can be sent down every one of those paths. When (and if) the destination host gets the packets, they will probably be in the wrong order.

Imagine packets are a deck of cards. One word of an email is written on each card from the ace, to the two, three, four, etc. Several dealers all shuffle and cut and pass portions of the deck around amongst themselves in a random way, but each time a card comes your way you grab it and sort your pile. Like solitaire, you have to make piles of cards in exact sequence, which you can read your email from.

There is a dealer on the other side of your cablemodem to give you lots of cards quickly, but he will never take any cards from you. Across your modem, there is another dealer who will take cards from you, but he deals s l o w l y.

Routes: Lucky for you, the crowd of dealers out there gets told (by your ISP) that the fast dealer is the only guy who knows how to reach you. You, on the other hand, know that the modem guy is how you reach the outside world.

ipfw: Standard firewall rulesets are deny-by-default, meaning if you don't explicitly OK it, it gets dropped. These often assume you have *one* legitimate route to the Internet. You may have to add rules to accommodate the dual-homed connection to the Internet. This includes rules which divert packets to the NAT daemon.

NAT: It doesn't care unless you're doing funky static NAT...

-- 
PLEASE NOTICE: THERE MAY BE NOSPAM IN THE HEADERS WHEN YOU HIT "REPLY"!!!
Jeremy McMillan | Ask for PGP-2.6.2 or 5.0i
Chicago FreeBSD Users Group http://pages.ripco.com/~aphor/ChiFUG.html
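
An added example, not part of the original message: a deny-by-default ipfw ruleset written for the two-path setup described above, where packets leave on the dial-up interface and replies come back on the cable interface, with natd diverts on both paths. Assumptions: the interface names (ed0 cable, tun0 dial-up, ed1 LAN) are hypothetical, natd is started with the cable interface's address as its alias address, and the ISP accepts packets carrying that source address on the dial-up link.

```shell
#!/bin/sh
# Added example: ipfw rules for asymmetric (send on modem, receive on cable) NAT.
# Interface names are hypothetical; set IPFW=echo to print the rules
# instead of loading them.
IPFW="${IPFW:-ipfw -q}"

# load_rules CABLE_IF DIAL_IF LAN_IF
load_rules() {
    cable_if=$1; dial_if=$2; lan_if=$3

    $IPFW -f flush

    # Loopback and the inside network are trusted.
    $IPFW add 100 allow all from any to any via lo0
    $IPFW add 200 allow all from any to any via "$lan_if"

    # NAT on both halves of the path: rewrite what leaves on the modem,
    # un-rewrite the replies that arrive on the cable side. A single
    # "via one_interface" divert rule would catch only one direction.
    $IPFW add 300 divert natd all from any to any out xmit "$dial_if"
    $IPFW add 310 divert natd all from any to any in recv "$cable_if"

    # Upstream: everything leaves through the slow dial-up link.
    $IPFW add 400 allow all from any to any out xmit "$dial_if"

    # Downstream: only replies are accepted on the cable side
    # (established TCP, plus DNS answers over UDP).
    $IPFW add 410 allow tcp from any to any in recv "$cable_if" established
    $IPFW add 420 allow udp from any 53 to any in recv "$cable_if"

    # The cable side never carries traffic from us; log any attempt.
    $IPFW add 500 deny log all from any to any out xmit "$cable_if"

    # Deny by default: anything not explicitly allowed is dropped.
    $IPFW add 65000 deny log all from any to any
}

# Load the rules only when asked: sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    load_rules ed0 tun0 ed1
fi
```
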