Date: Sun, 13 Apr 2003 21:39:17 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Jonathon McKitrick <jcm@FreeBSD-uk.eu.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: How to connect laptop and desktop w/NICs
Message-ID: <20030413203916.GB27510@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030413193027.GB98119@dogma.freebsd-uk.eu.org>
References: <20030411121053.GA77709@dogma.freebsd-uk.eu.org> <20030413121355.GA96192@dogma.freebsd-uk.eu.org> <20030413152629.GA886@marvin.penguinpowered.org.uk> <200304131204.13035.taxman@acd.net> <20030413193027.GB98119@dogma.freebsd-uk.eu.org>

On Sun, Apr 13, 2003 at 08:30:27PM +0100, Jonathon McKitrick wrote:
> On Sun, Apr 13, 2003 at 12:04:12PM -0400, taxman wrote:
> : On Sunday 13 April 2003 11:26 am, Wayne Pascoe wrote:
> : > On Sun, Apr 13, 2003 at 01:13:55PM +0100, Jonathon McKitrick wrote:
> : > > So far, so good.  I can ping each machine from the other, and reset these
> : > > settings on startup.
> : > >
> : > > However, the laptop (which I decided to make a client of the desktop, now
> : > > that I have a modem for the desktop) cannot ping past the gateway.  I
> : > > have the default router set to the desktop, but something else must be
> : > > wrong.
> : > >
> : > > Do I need to have inetd or natd running explicitly for this to work?
> : >
> : > Do you have
> : > gateway_enable="YES"
> : > in /etc/rc.conf ?  If not you need to add this.
> :
> : from rc.conf(5) it doesn't seem that gateway_enable starts natd.  Then what is
> : the difference?
> : I'm a networking moron and in a similar situation as Jonathon, and I was
> : wondering which options to use.
>
> From what I have learned, and this may be the blind leading the blind, but
> the gateway simply forwards packets that are not addressed for that machine
> out to the net.  However, natd seems to allow them to be received back as
> well, since the IP address of the machine behind the gateway is privately
> assigned and unknown outside that network.

Well, ish.  Gatewaying allows a machine to receive a packet not directly addressed to it on one interface, and forward it out of another interface --- usually between different networks: hence the machine becomes the gateway between the two networks.  Also known as "routing" since the machine will choose the best next hop gateway to forward the packet to in order to most effectively route it to the destination.

The other sort of gatewaying is more commonly known as "bridging", where each interface is on a different ethernet segment of the same network.  In this case it's routing packets at the ethernet MAC level rather than the IP level.  Bridging was a big deal back in the days of 10base2 coax network cables, but nowadays with twisted pair cabling and modern switches which effectively bridge between each of their network ports, about the only point of setting up a machine as a bridge is so that you can use it for firewalling.

NAT, also known as masquerading (particularly in the Linux world) is a response to the limited IPv4 address space available on the Internet.  Effectively it lets you hide a whole network behind one IP number.  It does this by intercepting the packets as they go past and rewriting the internal address and maybe port number before they go out onto the internet.  It also keeps a record of what it has rewritten so that it can detect the replies coming back to the outgoing packet and so substitute back the original address.  This works perfectly for an internal machine trying to connect outwards to a server on the internet, but a priori there's no way for an external machine to know where to address the packets in order to connect inwards without some sort of hint from the command line flags.

In principle with the advent of IPv6, NAT won't be necessary, as there will be more than enough addresses for any conceivable use.  (According to my ISP, the standard allocation of a block of IPv6 addresses will be sufficient for about 10^24 machines...)  However the 'one way valve' effect of a NAT gateway is a very handy feature in securing a network, so NATing may not disappear that speedily.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
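
Added example (not part of the original message, and not natd's code): a toy model of the translation table described above, showing the outbound rewrite, the reply being mapped back, an unsolicited inbound packet being dropped, and a static mapping acting as the "hint". All addresses are constructed documentation ranges, the Nat class and its method names are hypothetical (redirect_port is named after natd's -redirect_port option), and flows are tracked by port only, which is simpler than a real NAT.

```python
"""Toy model of a port-translating NAT gateway (constructed example)."""

PUBLIC_IP = "203.0.113.1"   # constructed: the gateway's single outside address


class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}      # (proto, inside ip, inside port) -> public port
        self.back = {}     # (proto, public port) -> (inside ip, inside port)

    def redirect_port(self, proto, public_port, inside_ip, inside_port):
        """Static mapping: the 'hint' that makes an inside server reachable."""
        self.back[(proto, public_port)] = (inside_ip, inside_port)
        self.out[(proto, inside_ip, inside_port)] = public_port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network."""
        key = (proto, src_ip, src_port)
        if key not in self.out:                 # first packet of a new flow
            while (proto, self.next_port) in self.back:
                self.next_port += 1             # skip ports already in use
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Restore the inside destination, or return None (drop) if unknown."""
        inside = self.back.get((proto, dst_port))
        if dst_ip != self.public_ip or inside is None:
            return None                         # nothing recorded: one-way valve
        return (proto, src_ip, src_port, inside[0], inside[1])


def demo():
    nat = Nat(PUBLIC_IP)
    sent = nat.outbound("tcp", "192.168.0.2", 1025, "198.51.100.7", 80)
    reply = nat.inbound("tcp", "198.51.100.7", 80, PUBLIC_IP, sent[2])
    unsolicited = nat.inbound("tcp", "198.51.100.9", 4444, PUBLIC_IP, 22)
    nat.redirect_port("tcp", 22, "192.168.0.2", 22)
    forwarded = nat.inbound("tcp", "198.51.100.9", 4444, PUBLIC_IP, 22)
    return sent, reply, unsolicited, forwarded


if __name__ == "__main__":
    for result in demo():
        print(result)
```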