Date: Mon, 20 May 1996 12:48:09 -0700 (PDT) From: Jim Dennis <jimd@mistery.mcafee.com> To: root@bonsai.its.utas.edu.au (Charlie ROOT) Cc: FreeBSD-Questions@freebsd.org Subject: Re: ip masquerading Message-ID: <199605201948.MAA06002@mistery.mcafee.com> In-Reply-To: <Pine.BSF.3.91.960520093243.8015A-100000@bonsai.its.utas.edu.au> from "Charlie ROOT" at May 20, 96 09:37:44 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hi, > > Sorry to stick an uneducated oar in the water but where does something > like SLiRP fit in to all this? I don't know where SLiRP fits into IP Masquerading. > > According to the documentation <http://peak.usa1.com/slirp/slirp.doc.txt> > SLiRP allows you to connect a network of hosts to the internet without needing > globablly unique numbers (ie you can use 10.0.2.xxx for your hosts). That would suggest that SLiRP is acting as a network address translator (NAT) or as a proxy (like SOCKS). > > Dose this contravene the rfcs? > Andrew 10.x.x.x and 192.168.x.x are listed in RFC1597 quoted below: ---------------------------------------------------------------------- 3. Private Address Space The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 We will refer to the first block as "24-bit block", the second as "20-bit block, and to the third as "16-bit" block. Note that the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and third block is a set of 255 contiguous class C network numbers. ---------------------------------------------------------------------- Note: you can't just use your FreeBSD box as a router between your providers IP network (the number he gives your PPP connection) and your internal network (the numbers you pick from the above list). This is because your packets would go out to the net with a source address in one of these reserved ranges -- and all of the properly configured routers on the net will reject them (since IANA has promised that no valid internet host will ever have one of these addresses). With proxying or NAT your packets (from the private net hosts) get to the gateway host -- the gateway host sends *it's own packets out to the net* than it sorts out the packets it recieves and sends the response back to the applications/hosts that initiated the proxy'd session). (Thus the term "gateway" -- which in OSI terminology means "works at the application layer" vs. the term "router" - which refers to software (or firmware) that operates at the transport layer (or thereabouts)). I'm sorry I didn't answer your questions about SLiRP and IP Masquerading specifically. I don't know about those. Jim Dennis, System Administrator, McAfee Associates
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605201948.MAA06002>