From owner-freebsd-hackers  Tue Jul 16 16:47:01 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA14800
          for hackers-outgoing; Tue, 16 Jul 1996 16:47:01 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA14416
          for <freebsd-hackers@freebsd.org>; Tue, 16 Jul 1996 16:44:22 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.5/8.7.3) id JAA28218; Wed, 17 Jul 1996 09:42:38 +1000 (EST)
Date: Wed, 17 Jul 1996 09:42:37 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Noel Burton-Krahn <noel@harleystreet.com>
cc: "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org>
Subject: RE: IP masquerading over tunel device
In-Reply-To: <01BB72FD.0E47CEE0@mcduck.harleystreet.com>
Message-ID: <Pine.BSF.3.91.960717093620.27376C-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


I've been meaning to do this for a while, but never found my round tuit.
Pull apart the Linux ipfw code.  It is different, but has a similar 
parentage, and it has the NAT code in it already.  Also, the SliRP code has 
some good stuff on rewriting FTP packets etc.

In FreeBSD, it can either be done by making SliRP use tun, instead of
stdin/stdout, or by doing it entirely in ipfw.  Both make sense.
However, in using tun, one may have to add a 'steer' command to ipfw
to divert  packets to the tun interface based on their origin IP address.
This would allow you to do masquerading for one internal network, but not 
another.  Very flexible!

On Tue, 16 Jul 1996, Noel Burton-Krahn wrote:

> > > 
> > > I'm condidering hacking IP masquerading into FreeBSD.  Options include:
> > > 1) something like PPP which extracts packets from the tunnel device, =
> > > edits them, and retransmits.
> > > 2) modifying the kernel firewall code a la Linux.
> > > 
> > > option #1 seems more elegant to me, but I don't have any docs on the =
> > > tunnel device, other than the PPP source.  Could someone supply me with =
> > > docs?
> > > 
> > > Of course if someone is already trying this, let me know.
> > > 
> > > --Noel
> > > 
> > > 
> > 
> > 
> > 
> 
> 
>