Date: Fri, 17 Nov 1995 21:41:10 -0800 (PST)
From: Donald Burr
To: FreeBSD Questions
Subject: IP Masquerading under FreeBSD?

Linux apparently has the ability to "masquerade" IP addresses, so that addresses from ANY machine on my network will appear, to the outside world, as coming from only one address.

For example: My home network uses the class C address 192.160.60.xxx. I connect to the outside world using PPP, and my PPP provider dynamically assigns me an address, usually in the range of (Class C) 204.32.201.xxx. BUT, my PPP provider DOES NOT know about my home-brew network (192.160.60.xxx), nor can they provide a static route to it. Thus, accessing the outside world from 192.160.60.100 (which happens to be my FreeBSD machine, running ppp) works fine, BUT if I try to access the outside world from any of the various other DOS, Win95, OS/2, ... boxes in my house, it won't work, because, even though my FreeBSD machine forwards packets, the other internet machine I'm trying to communicate with doesn't have a clue as to how to reach the 192.160.60.xxx network.

What the IP_MASQUERADE thing that Linux implements does, is to "masquerade" packets coming from all machines on my 192.160.60.xxx network, dynamically "rewriting" them to "pretend" like they're all coming from one machine (mainly, the address that my PPP provider assigns me, 204.32.201.xxx.) THIS way, the machine I'm trying to talk to, knows how to get to the 204.32.201.xxx net, and everything's happy.

The following blurb from the Linux NET-2-HOWTO file should (hopefully) better explain exactly what I'm trying to say:

-----cut here

13.11. IP_MASQUERADE - allow a number of hosts to pretend to be one.

If you are one of the many people who have some sort of local network at home, whether it be a couple of machines connected via a slip/plip/ppp link to each other, or a number of machines connected to a private ethernet network who also has a dial-up Internet connection then you have probably at one time or another wanted the machines not directly connected to be able to communicate with the Internet.

This is normally achieved by getting a valid registered IP network address for your local network and asking your Internet Service Provider to kindly provide a network route to your network connection instead of the single host route they were previously providing. Unfortunately many Internet Service Providers will ask you to provide a good deal more dollars for the privilege of better utilising the bandwidth of your connection and you probably don't much like that idea.

IP_MASQUERADING provides a clever solution to this problem by making all of the machines on your network look like one very active networked machine. It does this by performing real-time, on the fly address translations.

Most of the code was authored by Pauline Middelink. Ken Eaves
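
[Added example, not part of the original message or of the Linux or FreeBSD code: a small Python model of the address rewriting described above, showing the per-connection state the gateway must keep and that inbound packets with no matching state are dropped. The class and function names, the public address 204.32.201.10, the remote hosts and the port numbers are all constructed for illustration.]

```python
# Toy model of masquerading (source address and port translation).
# Inside addresses use the post's 192.160.60.xxx range; everything else is constructed.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip    # the single address the PPP provider assigned
        self.next_port = first_port   # arbitrary start of the rewritten port range
        self.out = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source of a packet leaving the home network."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Restore the inside destination of a reply; None means no state, so drop."""
        inside = self.back.get((p.dport, p.src, p.sport))
        if p.dst != self.public_ip or inside is None:
            return None
        return Packet(p.src, p.sport, inside[0], inside[1])

def demo():
    gw = Masquerader("204.32.201.10")
    # Two inside hosts pick the same source port toward the same server.
    a = gw.outbound(Packet("192.160.60.101", 1025, "198.51.100.7", 80))
    b = gw.outbound(Packet("192.160.60.102", 1025, "198.51.100.7", 80))
    # The server's reply to the first connection is mapped back to the first host.
    reply = gw.inbound(Packet("198.51.100.7", 80, a.src, a.sport))
    # A packet from a host nobody inside contacted has no table entry.
    stray = gw.inbound(Packet("203.0.113.9", 4444, a.src, a.sport))
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```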