Very Computer

by **Ed Huds** » Mon, 26 Feb 1996 04:00:00

howdy.

i'm looking for a port of the linux ip-masquerading
software (to FreeBSD!), or a package that allows similar
functionality.

i'd appreciate any suggestions.

-elh

by **Julian Elisch** » Mon, 26 Feb 1996 04:00:00

> i'm looking for a port of the linux ip-masquerading
> software (to FreeBSD!), or a package that allows similar
> functionality.

I'm told that TIA might be able to do this for you...
it's a commercial product..

julian

by **J Wuns** » Tue, 27 Feb 1996 04:00:00

> i'm looking for a port of the linux ip-masquerading
> software (to FreeBSD!), or a package that allows similar
> functionality.

What exactly is this for? IP aliasing? RTFM ifconfig(8) for this.
--
cheers, J"org

Never trust an operating system you don't have sources for. ;-)

by **Gary Howlan** » Wed, 28 Feb 1996 04:00:00

> > i'm looking for a port of the linux ip-masquerading
> > software (to FreeBSD!), or a package that allows similar
> > functionality.

> What exactly is this for? IP aliasing? RTFM ifconfig(8) for this.

No, I don't think it's for IP aliasing, I think it is a method
of allowing many machines to access the Internet through a dial up
connection with only one IP addr. What happens is that the unix
box acts like a router, but changes all outgoing IP src-addresses
to it's own, and changes the dst-addresses on incoming packets
before sending them on their way to the local machines. It's a
little more complicated than it sounds since a database has to be
maintained for all TCP connections. Also, it doesn't work with
UDP.

Then again, I may be totally wrong - I'm guessing as to what
masquerading is.

Gary

by **Nick Kralevi** » Wed, 28 Feb 1996 04:00:00

Quote:>No, I don't think it's for IP aliasing, I think it is a method
>of allowing many machines to access the Internet through a dial up
>connection with only one IP addr. What happens is that the unix
>box acts like a router, but changes all outgoing IP src-addresses
>to it's own, and changes the dst-addresses on incoming packets
>before sending them on their way to the local machines. It's a
>little more complicated than it sounds since a database has to be
>maintained for all TCP connections.

Yep, that is essentially correct. The neat thing is that all
programs seem to work transparently.

I use Linux on my computer. When I am connected via a SLIP connection,
my roommate can also use my SLIP connection transparently. He can
use netscape, telnet, DNS, etc, and have it work perfectly. All the
IP packets that he sends out are "masqueraded" as actually coming from
my computer, and incoming packets are automatically converted back
and routed to his computer.

Masquerading allows us to share one phone line, and both use the modem
at the same time, without the need for him to login to my computer
and use my resources (I'm running Linux on a 386/40 with 4 megs,
so him not using my resources is a very good thing!).

Quote:>Also, it doesn't work with
>UDP.

Nope, that's not true. DNS works just fine, and that uses UDP.
Raw sockets don't work (i.e., ping) and some other brain dead
programs. But most programs work transparently.

It doesn't work for incoming connections though. Only for outgoing
connections.

The source for IP_MASQUERADING information is ftp.eves.com:/pub/masq/
Also included at that site is information about what IP
masquerading is, and how it works.

I guess this is just yet another cool feature that Linux has and
FreeBSD doesn't.

Take care,
-- Nick Kralevich

by **Mike Khokhlo** » Wed, 28 Feb 1996 04:00:00

Hi Gary!

>box acts like a router, but changes all outgoing IP src-addresses
>to it's own, and changes the dst-addresses on incoming packets
>before sending them on their way to the local machines. It's a
>little more complicated than it sounds since a database has to be
>maintained for all TCP connections. Also, it doesn't work with
>UDP.

>Then again, I may be totally wrong - I'm guessing as to what
>masquerading is.

>Gary

Try to use Firewall proxy ... I think it's include all that u need .

With best regards,
Mike

by **Kevi** » Thu, 29 Feb 1996 04:00:00

>> i'm looking for a port of the linux ip-masquerading
>> software (to FreeBSD!), or a package that allows similar
>> functionality.

>What exactly is this for? IP aliasing? RTFM ifconfig(8) for this.

I think he might be referring to software that translates IP
addresses for a private network to access the internet.

Thanks

Kev

by **Nick Kralevi** » Thu, 29 Feb 1996 04:00:00

Quote:>No, I don't think it's for IP aliasing, I think it is a method
>of allowing many machines to access the Internet through a dial up
>connection with only one IP addr. What happens is that the unix
>box acts like a router, but changes all outgoing IP src-addresses
>to it's own, and changes the dst-addresses on incoming packets
>before sending them on their way to the local machines. It's a
>little more complicated than it sounds since a database has to be
>maintained for all TCP connections. Also, it doesn't work with
>UDP.

This is essentially correct. My roommate and I use IP_MASQUERADING
so that we can both me online at the same time. When I am online,
he can point his default route at my computer, and run all the
usual programs such as Netscape, telnet, and DNS. To the outside
world, it appears that everything is coming from my computer.
His IP packets are masqueraded as coming from my computer, and on
the return trip, they are converted back to somthing his machine can
understand.

UDP connections work. As an example, DNS, which uses UDP, works.

Ping doesn't work, since it uses raw sockets. Some other programs
don't work, but most programs work without problem.

The definite source for linux IP_MASQUERADING information is
ftp.eves.com:/pub/masq/ . At this site is the masquerading howto,
which explains what IP masquerading can do and what it's trying todo.

Take care,
-- Nick Kralevich

(p.s., my apologizes for a previous post, which I've canceled.
This post is intended to replace it).

by **Ted Wisniews** » Thu, 29 Feb 1996 04:00:00

>The source for IP_MASQUERADING information is ftp.eves.com:/pub/masq/
>Also included at that site is information about what IP
>masquerading is, and how it works.

>I guess this is just yet another cool feature that Linux has and
>FreeBSD doesn't.

Sounds like someone re-wrote slirp and integrated it and called
it a feature. ;->

by **Leslie Mikese** » Thu, 29 Feb 1996 04:00:00

>>The source for IP_MASQUERADING information is ftp.eves.com:/pub/masq/
>>Also included at that site is information about what IP
>>masquerading is, and how it works.

>>I guess this is just yet another cool feature that Linux has and
>>FreeBSD doesn't.

> Sounds like someone re-wrote slirp and integrated it and called
>it a feature. ;->

It would be a feature that many places need, and given that slirp is
based on the bsd network code perhaps it wouldn't be too hard to
integrate it back. Many places have anywhere from a couple of machines
to an office full using private IP numbers and have an internet account
with a single 'real' address. Or you have a class C but too many machines.
Most of the machines only need outbound connections, so a socks-style
gateway would work, but then you have to dig up socks-aware apps for
all your machines. What we need is address remapping where you
can just point the default router address at the server. Slirp does
this nicely but only for serial line connections. We need it for
network links as well. Then you can drop in a single machine that
acts as an SMTP/POP server (plus ftp/http if you need that) to handle
all the inbound connections on the 'real' address, plus acting as the
router/gateway for the hidden net. You can get this effect if you
have slirp on the other end of your connection, but that doesn't match
the common topology.

Les Mikesell