Date:      Sun, 13 Apr 2003 21:39:17 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Jonathon McKitrick <jcm@FreeBSD-uk.eu.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: How to connect laptop and desktop w/NICs
Message-ID:  <20030413203916.GB27510@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030413193027.GB98119@dogma.freebsd-uk.eu.org>
References:  <20030411121053.GA77709@dogma.freebsd-uk.eu.org> <20030413121355.GA96192@dogma.freebsd-uk.eu.org> <20030413152629.GA886@marvin.penguinpowered.org.uk> <200304131204.13035.taxman@acd.net> <20030413193027.GB98119@dogma.freebsd-uk.eu.org>

On Sun, Apr 13, 2003 at 08:30:27PM +0100, Jonathon McKitrick wrote:
> On Sun, Apr 13, 2003 at 12:04:12PM -0400, taxman wrote:
> : On Sunday 13 April 2003 11:26 am, Wayne Pascoe wrote:
> : > On Sun, Apr 13, 2003 at 01:13:55PM +0100, Jonathon McKitrick wrote:
> : > > So far, so good.  I can ping each machine from the other, and reset these
> : > > settings on startup.
> : > >
> : > > However, the laptop (which I decided to make a client of the desktop, now
> : > > that I have a modem for the desktop) cannot ping past the gateway.  I
> : > > have the default router set to the desktop, but something else must be
> : > > wrong.
> : > >
> : > > Do I need to have inetd or natd running explicitly for this to work?
> : >
> : > Do you have
> : > gateway_enable="YES"
> : > in /etc/rc.conf ? If not you need to add this.
> :
> : from rc.conf(5) it doesn't seem that gateway_enable starts natd.  Then what is
> : the difference?
> : I'm a networking moron and in a similar situation as Jonathon, and I was
> : wondering which options to use.
>
> From what I have learned, and this may be the blind leading the blind, but
> the gateway simply forwards packets that are not addressed for that machine
> out to the net.  However, natd seems to allow them to be received back as
> well, since the IP address of the machine behind the gateway is privately
> assigned and unknown outside that network.

Well, ish.  Gatewaying allows a machine to receive a packet not
directly addressed to it on one interface, and forward it out of
another interface --- usually between different networks: hence the
machine becomes the gateway between the two networks.  Also known as
"routing" since the machine will choose the best next hop gateway to
forward the packet to in order to most effectively route it to the
destination.

The other sort of gatewaying is more commonly known as "bridging",
where each interface is on a different ethernet segment of the same
network.  In this case it's routing packets at the ethernet MAC level
rather than the IP level.  Bridging was a big deal back in the days of
10base2 coax network cables, but nowadays with twisted pair cabling
and modern switches which effectively bridge between each of their
network ports, about the only point of setting up a machine as a
bridge is so that you can use it for firewalling.

NAT, also known as masquerading (particularly in the Linux world) is a
response to the limited IPv4 address space available on the Internet.
Effectively it lets you hide a whole network behind one IP number.  It
does this by intercepting the packets as they go past and rewriting
the internal address and maybe port number before they go out onto the
internet.  It also keeps a record of what it has rewritten so that it
can detect the replies coming back to the outgoing packet and so
substitute back the original address.  This works perfectly for an
internal machine trying to connect outwards to a server on the
internet, but a priori there's no way for an external machine to know
where to address the packets in order to connect inwards without some
sort of hint from the command line flags.

In principle with the advent of IPv6, NAT won't be necessary, as there
will be more than enough addresses for any conceivable use.
(According to my ISP, the standard allocation of a block of IPv6
addresses will be sufficient for about 10^24 machines...) However the
'one way valve' effect of a NAT gateway is a very handy feature in
securing a network, so NATing may not disappear that speedily.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
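
Added example, not part of the original message: a toy Python model of the NAT state table described above, showing why replies get back in while unsolicited inbound packets have no internal destination unless a static redirect supplies the hint. All addresses, ports and names are constructed, and matching replies on the exact remote address and port is an assumption of this model, not a statement about natd's behaviour.

```python
"""Toy model of a NAT translation table (constructed example)."""

PUBLIC_IP = "203.0.113.1"   # constructed: the gateway's single external address


class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}        # (proto, in_ip, in_port, r_ip, r_port) -> public port
        self.back = {}       # (proto, public port, r_ip, r_port) -> (in_ip, in_port)
        self.redirects = {}  # (proto, public port) -> (in_ip, in_port)

    def redirect(self, proto, public_port, in_ip, in_port):
        """Static inbound mapping: the explicit 'hint' for inward connections."""
        self.redirects[(proto, public_port)] = (in_ip, in_port)

    def outbound(self, proto, src, dst):
        """Rewrite an internal source to the public address and record the flow."""
        key = (proto, *src, *dst)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(proto, port, *dst)] = src
        return (self.public_ip, self.out[key]), dst

    def inbound(self, proto, src, dst):
        """Return the internal destination for a packet from outside, or None."""
        ip, port = dst
        if ip != self.public_ip:
            return None
        hit = self.back.get((proto, port, *src))      # reply to a recorded flow
        if hit is None:
            hit = self.redirects.get((proto, port))   # explicit hint, if any
        return hit   # None: no record, so no internal host to forward to


def demo():
    nat = Nat()
    laptop, web = ("192.168.0.2", 1025), ("198.51.100.7", 80)
    new_src, _ = nat.outbound("tcp", laptop, web)
    reply = nat.inbound("tcp", web, new_src)                      # maps back
    probe = nat.inbound("tcp", ("198.51.100.99", 4444), new_src)  # stranger
    nat.redirect("tcp", 22, "192.168.0.2", 22)
    hinted = nat.inbound("tcp", ("198.51.100.99", 5555), (PUBLIC_IP, 22))
    return new_src, reply, probe, hinted


if __name__ == "__main__":
    print(demo())
```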
