Date: Mon, 20 May 1996 23:34:58 +0100
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: Tony Kimball <alk@Think.COM>
Cc: bmah@cs.berkeley.edu, questions@FreeBSD.ORG
Subject: Re: ip masquerading
Message-ID: <22593.832631698@palmer.demon.co.uk>
In-Reply-To: Your message of "Mon, 20 May 1996 13:48:49 CDT." <199605201848.NAA16883@compound.Think.COM>

Tony Kimball wrote in message ID
<199605201848.NAA16883@compound.Think.COM>:
> 3. Corollary to #2: "Because Linux does it" is not a really good
> reason to do something.
> Quite the contrary, actually;-?

So we should adopt the GPL? I think not.

No, I have to agree to (3) above. Just because they have a lot more
followers than we do does not mean we should treat their attitude to
their kernel and the functionality (or lack of it) in it as a bible.

I have often wondered about writing an IPMasquerade facility for the
FreeBSD kernel. However, considering that I would also like to see
FreeBSD gain wide commercial recognition (see Garrett's answer) and
also conform to as many RFCs as possible, I no longer want that
functionality, and in fact have a port of TIS's FWTK approaching
completion so that at least I can run a private network and not be
worried about possible braindamage on my gateway box.

> 1. It introduces hard state in the gateway machine. If the gateway
> goes down and comes back up, you lose all the connections through it.
> Note that some other approaches such as application-specific gateways
> have this problem too.
> To my knowledge no solution is proposed which does not. I think
> that an RFC on the subject is needed, frankly, to update
> requirements in a manner which removes the need for gateway state.
> This point is an argument against solving the problem, not against
> solving it by masquerade.

No thank you. TCP is inherently non-stateless (heck, it has a state
machine as part of its basic operation). Putting in non-stateless
hacks will just really screw things up. Do you know why Sun's NFS is
so poor performance wise? One reason (among many) - the server cannot
keep any state information about the clients...

> 3. There already exist other methods for doing what IP masquerading
> does (for example SOCKs, application-specific gateways). Why does
> FreeBSD need another?
> Because they don't work. Masquerade works. At least for its
> applications. It seems to me that the folks who don't need
> masquerade don't care enough for them as do to advocate their plight
> adequately to the project.

Wrong. Socks works. Works a lot better than Masquerading actually.
SOCKS means that if there is a bug in an application-level gateway, it
isn't disastrous. A Masquerade bug could start mixing up the i/o
streams. No thank you.

If nothing else, I believe it is possible for a SOCKS implementation
for Windows workstations to be done at the winsock.dll level, isn't
it? That should remove the need for separate support in each
application.

> 4. It's not a general purpose solution (e.g. ICMP doesn't work, UDP
> support is a hack). For example, how would I ping outside my local
> network to track down problems?
> From the masquerade host. ICMP works fine, to the network
> interface of the *system*. UDP is not a host requirement.

One reason for having masquerade is to allow you to offload shell
processing load from the gateway. You are promptly putting that load
back on.

Garrett has his reasons for not liking masquerading, I have mine. And
before you start thinking ``this guy is nuts ... he doesn't know what
it's like with a single IP address and a LAN to run from that one
address''. Wrong. I have 3 IP capable machines in my apartment, and
one IP address (palmer.demon.co.uk, 158.152.50.50). If I need to get
access to the internet from my LAN, I use a proxy gateway.

Gary
--
Gary Palmer                                    FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
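
An added example, not part of the original message: the "hard state in the gateway" objection quoted as point 1 above, modelled as a toy masquerading translation table in Python. The addresses, port numbers and the MasqGateway class are constructed for illustration and do not come from any FreeBSD or Linux code.

```python
# Toy model of a masquerading (NAPT) gateway's in-memory translation table.
# All addresses, ports and names are constructed for this illustration.
from dataclasses import dataclass, field
from itertools import count

PUBLIC_IP = "192.0.2.1"  # constructed documentation address


@dataclass
class MasqGateway:
    public_ip: str = PUBLIC_IP
    # public port -> (inside ip, inside port, (remote ip, remote port))
    table: dict = field(default_factory=dict)
    _ports: count = field(default_factory=lambda: count(61000))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside packet's source, creating a mapping on first use."""
        wanted = (src_ip, src_port, (dst_ip, dst_port))
        for pub_port, entry in self.table.items():
            if entry == wanted:
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = next(self._ports)
        self.table[pub_port] = wanted
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply to the inside host, or return None (drop) without state."""
        entry = self.table.get(dst_port)
        if entry is None or entry[2] != (src_ip, src_port):
            return None
        return (entry[0], entry[1])

    def reboot(self):
        """The table exists only in memory, so a restart forgets every flow."""
        self.table.clear()


def demo():
    gw = MasqGateway()
    wire = gw.outbound("10.0.0.2", 1025, "198.51.100.7", 80)
    before = gw.inbound("198.51.100.7", 80, wire[1])  # reply is delivered
    gw.reboot()
    after = gw.inbound("198.51.100.7", 80, wire[1])   # same reply is dropped
    return wire, before, after


if __name__ == "__main__":
    print(demo())
```

The inside host's TCP connection is still open from its own point of view after the reboot; only the gateway has lost the mapping needed to deliver the reply.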