From owner-freebsd-hackers Tue Jul 16 19:43:17 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA06407 for hackers-outgoing; Tue, 16 Jul 1996 19:43:17 -0700 (PDT)
Received: from ref.tfs.com ([206.245.251.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA06402 for ; Tue, 16 Jul 1996 19:43:15 -0700 (PDT)
Received: (from julian@localhost) by ref.tfs.com (8.7.5/8.7.3) id TAA04643; Tue, 16 Jul 1996 19:41:57 -0700 (PDT)
Message-Id: <199607170241.TAA04643@ref.tfs.com>
Subject: Re: IP masquerading over tunel device
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Date: Tue, 16 Jul 1996 19:41:57 -0700 (PDT)
From: "JULIAN Elischer"
Cc: noel@harleystreet.com, freebsd-hackers@FreeBSD.ORG
In-Reply-To: from "Daniel O'Callaghan" at Jul 17, 96 09:42:37 am
X-Mailer: ELM [version 2.4 PL25 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I've been meaning to do this for a while, but never found my round tuit.
> Pull apart the Linux ipfw code. It is different, but has a similar
> parentage, and it has the NAT code in it already. Also, the SliRP code has
> some good stuff on rewriting FTP packets etc.
>
> In FreeBSD, it can either be done by making SliRP use tun, instead of
> stdin/stdout, or by doing it entirely in ipfw. Both make sense.
> However, in using tun, one may have to add a 'steer' command to ipfw
> to divert packets to the tun interface based on their origin IP address.
> This would allow you to do masquerading for one internal network, but not
> another. Very flexible!

we've already done this..
see divert(4) in -current and ipfw(8) as well of course

> On Tue, 16 Jul 1996, Noel Burton-Krahn wrote:
>
> > > > I'm considering hacking IP masquerading into FreeBSD. Options include:
> > > >
> > > > 1) something like PPP which extracts packets from the tunnel device,
> > > > edits them, and retransmits.
> > > > 2) modifying the kernel firewall code a la Linux.
> > > >
> > > > option #1 seems more elegant to me, but I don't have any docs on the
> > > > tunnel device, other than the PPP source. Could someone supply me with
> > > > docs?
> > > >
> > > > Of course if someone is already trying this, let me know.
> > > >
> > > > --Noel