From owner-freebsd-questions Sun Feb 11 10:38:12 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA18948 for questions-outgoing; Sun, 11 Feb 1996 10:38:12 -0800 (PST) Received: from kalypso.iqm.unicamp.br (kalypso.iqm.unicamp.br [143.106.13.10]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA18939 for ; Sun, 11 Feb 1996 10:36:46 -0800 (PST) Received: (from vazquez@localhost) by kalypso.iqm.unicamp.br (8.6.12/8.6.12/FreeBSD2.1) id QAA26425; Sun, 11 Feb 1996 16:07:35 GMT From: Pedro A M Vazquez Message-Id: <199602111607.QAA26425@kalypso.iqm.unicamp.br> Subject: Re: IP Masquerading To: terry@lambert.org (Terry Lambert) Date: Sun, 11 Feb 1996 16:07:35 +0000 () Cc: ejs@bfd.com, ptroot@uswest.com, mc7953@mclink.it, questions@freebsd.org In-Reply-To: <199602052232.PAA00445@phaeton.artisoft.com> from "Terry Lambert" at Feb 5, 96 03:32:02 pm X-Organization: Instituto de Quimica - Unicamp X-URL: http://www.iqm.unicamp.br/ X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-questions@freebsd.org Precedence: bulk Terry Lambert said: > > > Actually, this isn't what he's talking about. The Linux implementation > > of IPFW includes some kernel mods that let a firewall translate > > (masquerade) "outgoing" requests, so that the packets have the firewall's > > IP address, and then retranslates the responses so that they get to the > > correct machine/port. > > It's called "proxy". > > It's not "masquerading" because you can't set up incoming FTP requests > (for instance) to one of the proxied machines. > > > The "correct BSD way" of implementing this would be to provide a packet > forwarding daemon that used the tunneling device to do it's thing. > It seems the latest ip-filter version (3.0.2) comes with NAT to make something like this ( http://coombs.anu.edu.au/ăvalon/ip-filter.html) Pedro