From owner-freebsd-hackers Sat Dec 27 02:04:22 1997
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id CAA18213
    for hackers-outgoing; Sat, 27 Dec 1997 02:04:22 -0800 (PST)
    (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from fang.cs.sunyit.edu (root@fang.cs.sunyit.edu [192.52.220.66])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA18207;
    Sat, 27 Dec 1997 02:04:16 -0800 (PST)
    (envelope-from perlsta@sunyit.edu)
Received: from ppp.ios.com (ppp-2.ts-5.nyc.idt.net [169.132.97.146])
    by fang.cs.sunyit.edu (8.8.5/8.7.3) with ESMTP id GAA16141;
    Sat, 27 Dec 1997 06:05:21 GMT
Message-Id: <199712270605.GAA16141@fang.cs.sunyit.edu>
From: "Alfred Perlstein"
To: "TOKER ONUR" ,
Cc:
Subject: Re: several networking questions ...
Date: Sat, 27 Dec 1997 05:01:18 -0500
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1161
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

> (3) What is proxy, ip-tunneling, ip-masquerading ? How can I get more info.
> about these ?
>

quick run down as far as i know.....

proxy:
a machine that you can connect to as a service to request other services,
i.e. you have a firewall that doesn't allow any traffic through it, however
traffic from the _firewall_ machine is allowed through.... well a program
can be run on the firewall that sorta forwards requests out for machines in
your internal network to the outside internet....

proxies can also cache data, meaning that if you have a small office
connected to the internet a WWW proxy might identify the most common pages
that are requested through it and store them locally on the machine, that
way if duplicate requests from different machines come through the data is
already on the internal network...

some proxies are "transparent", i need to use a proxy to play quake, when i
run it i set it up to listen on a port, and tell it the outside machine i
want to connect to.... then i connect to it from one of my internal machines
and it transparently connects me...

others like SOCKS need clients (browsers, ftp tools, etc...) that understand
that there is a proxy there.... because in the previous example i had to
hardwire the quake proxy to connect to a specific machine, but SOCKS allows
clients to tell it what data to fetch and from where....

proxies are cool for several reasons, among them:
1) they hide internal IP addresses
2) they might cache data
3) they allow "fake" IP addresses from an internal network to work outside
   on the net

ip tunneling:
(i might be wrong) you set up a machine that when connected to, forwards the
socket to a different machine. my gateway machine (the one with the
connection to the internet) forwards all incoming ftp, telnet, web and more
connections to an internal machine that has more power. this is
transparent... the incoming "connectee" doesn't know it's not really
connecting to gateway.... i've heard that some tunneling programs encrypt
the IP traffic in case you have to do something like this over the internet
or somewhere where someone might be sniffing

ip masquerading....
almost the opposite of tunneling.... one machine acts as a gateway to the
internet, all machines trying to go through it have their IP stripped off
and the gateway's IP is put on.... the gateway sorta acts as a middleman,
TCP sockets usually have no problem with this, UDP will always break... TCP
breaks when someone tries to make an incoming socket to an internal
machine.... since it only sees the gateway.... as the outgoing address it
tries to connect to it, however it really needs to connect to one of the
internal machines.... tough luck :) unless you also use tunneling....

i don't know if this is helpful or not, i'm just glad it'll be on the
freeBSD-questions list...

also check my web page: http://www.cs.sunyit.edu/~perlsta and try the "UNIX"
link... shows some firewall and ipmasquerading for freebsd....

-Alfred
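
Added example, not part of Alfred's message: a toy Python model of the masquerading gateway's translation table. It shows why replies to outbound TCP connections get delivered, while an unsolicited inbound connection has nowhere to go until a forwarding rule (what the message calls tunneling) is added. The class name, addresses and ports are constructed for illustration.

```python
# Added illustration: toy model of an IP-masquerading gateway's translation
# table. Class name, addresses and ports are constructed sample values.

class MasqGateway:
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}       # (int_ip, int_port, dst_ip, dst_port) -> gateway port
        self.back = {}      # (gw_port, remote_ip, remote_port) -> (int_ip, int_port)
        self.forwards = {}  # gw_port -> (int_ip, int_port), static rules

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to the gateway's address."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            gw_port = self.next_port
            self.next_port += 1
            self.out[key] = gw_port
            # Remember who opened the connection so replies can be mapped back.
            self.back[(gw_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def add_forward(self, gw_port, int_ip, int_port):
        """Static rule: connections to gw_port go to one internal host."""
        self.forwards[gw_port] = (int_ip, int_port)

    def inbound(self, remote_ip, remote_port, gw_port):
        """Return the internal (ip, port) a packet is delivered to, or None."""
        hit = self.back.get((gw_port, remote_ip, remote_port))
        if hit is not None:
            return hit                     # reply to an outbound connection
        return self.forwards.get(gw_port)  # otherwise only a static rule helps


def demo():
    gw = MasqGateway("203.0.113.1")
    # Internal host opens a web connection; the server sees only the gateway.
    pkt = gw.outbound("10.0.0.5", 40000, "198.51.100.7", 80)
    reply = gw.inbound("198.51.100.7", 80, pkt[1])
    # Outside host tries to open FTP to "the gateway": no table entry exists.
    unsolicited = gw.inbound("198.51.100.9", 5555, 21)
    # With a forwarding rule the same attempt reaches an internal machine.
    gw.add_forward(21, "10.0.0.9", 21)
    forwarded = gw.inbound("198.51.100.9", 5555, 21)
    return pkt, reply, unsolicited, forwarded


if __name__ == "__main__":
    for item in demo():
        print(item)
```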