From owner-freebsd-questions Wed May 15 20:19:58 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id UAA17979 for questions-outgoing; Wed, 15 May 1996 20:19:58 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id UAA17974; Wed, 15 May 1996 20:19:49 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id UAA31534; Wed, 15 May 1996 20:28:18 -0700
From: Jim Dennis
Message-Id: <199605160328.UAA31534@mistery.mcafee.com>
Subject: Re: Networking / Routing question
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Wed, 15 May 1996 20:28:18 -0700 (PDT)
Cc: nate@sri.MT.net, msmith@atrad.adelaide.edu.au, jmb@freefall.freebsd.org, questions@FreeBSD.ORG
In-Reply-To: <199605160119.KAA01175@genesis.atrad.adelaide.edu.au> from "Michael Smith" at May 16, 96 10:49:22 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > Nate Williams stands accused of saying:
> > >
> > > I was going to suggest this, until it occurred to me that it would be
> > > impossible for the firewall to connect out through the router. (With a
> > > default route set to the router, packets originating on the firewall
> > > will have an unroutable source address, and responses will never come
> > > back.)
> >
> > The 'firewall' is our main email gateway box, and will end up doing all
> > of the 'ftp/www/dns/etc' service to the world.
>
> Argh. And I presume you can't use a private network inside the firewall?

You can. Just give one "real" (InterNIC-issued) IP address to the firewall (one interface on the firewall/proxy host) and give an RFC 1597 address (IP-aliased or on a different interface) to the same machine. Now configure your SOCKS or FWTK to proxy between them.

Also, I've heard rumors that Darren Reed's IPFIL package includes NAT support (it performs network address translation and essentially makes one valid IP address look like a very busy host -- essentially it translates between IP addresses and IP ports -- it's kind of confusing to describe -- particularly since I haven't used it yet, read the code or even read the TCP/IP bible).

Jim Dennis, System Administrator, McAfee Associates

> --
> ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[
> ]] Genesis Software genesis@atrad.adelaide.edu.au [[
> ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[
> ]] realtime instrument control (ph/fax) +61-8-267-3039 [[
> ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[
>
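An added illustration (not part of the thread, and not Darren Reed's code) of the two points the reply makes: why a packet sourced from an RFC 1597 address gets no reply, and how a translator makes one routable address "look like a very busy host" by mapping (private address, port) pairs to ports on the public address. All addresses and port numbers are constructed for the example.

```python
import ipaddress

# RFC 1597 private blocks; packets sourced from these never get replies
# across the Internet, which is the problem the quoted message describes.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr is unroutable on the Internet (RFC 1597 space)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class Translator:
    """One public address fronting a private network (port-based NAT)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port          # next free public port
        self.outbound = {}   # (priv_ip, priv_port) -> public_port
        self.inbound = {}    # public_port -> (priv_ip, priv_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private side; returns the new 4-tuple.

        Traffic the gateway originates from its own real address is already
        routable and passes through unchanged."""
        if not is_private(src_ip):
            return (src_ip, src_port, dst_ip, dst_port)
        key = (src_ip, src_port)
        if key not in self.outbound:      # first packet of this session
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply arriving at the public address.

        Returns None when no inside session owns the port: the packet was
        not solicited from the private side and is dropped, not forwarded."""
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        priv_ip, priv_port = self.inbound[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)
```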