Can NetBSD do IP masquerading?


Post by Todd Ferr » Sat, 23 Mar 1996 04:00:00



I have a local e-net that I want to have internet access.  The problem is
that I have access to only a single *real* IP number (via PPP).

I know that there are firewall/proxy packages out there (SOCKS?) that in
theory should allow me to access the outside world through the NetBSD
machine that has the PPP line.  The problem is that I would have to
access it through proxy interfaces.

I noticed that linux has something called "IP masquerading".  From what I
have gathered this is what I want.  It allows a single host with one IP
to serve many hosts with *private* IP numbers (10.x.x.x etc.)  It does
this by changing the packet address on the packets it routes, so that the
outside world can only see the gateway IP address.

This seems like the ideal solution since it doesn't require that a
special proxy enabled client be used.

Is there an equivalent to this for NetBSD?

Thanks

Todd Ferris

 
 
 


Post by Jon Bulle » Sat, 23 Mar 1996 04:00:00



> I have a local e-net that I want to have internet access.  The problem is
> that I have access to only a single *real* IP number (via PPP).

Sounds like my setup.  NetBSD/pc532 to the Internet via modem, Mac to
pc532 via serial line.

> I know that there are firewall/proxy packages out there (SOCKS?) that in
> theory should allow me to access the outside world through the NetBSD
> machine that has the PPP line.  The problem is that I would have to
> access it through proxy interfaces.

I use the TIS Firewall Toolkit.  Since about the only thing I do on the
Internet with my mac is Netscape, I only bothered with setting up the
http proxy.  However, there is a ftp proxy, X proxy, etc.  as well as a
TCP/IP port x to address/port y proxy for things like NNTP.  I've been
thinking about setting that one up, but since my mac is also my pc532
console, I have to run ppp on the console to use the proxies.  It makes
setup a bit trickier, and if something hangs, you don't have a console
anymore, so I don't use it a whole lot.

> I noticed that linux has something called "IP masquerading".  From what I
> have gathered this is what I want.  It allows a single host with one IP
> to serve many hosts with *private* IP numbers (10.x.x.x etc.)  It does
> this by changing the packet address on the packets it routes, so that the
> outside world can only see the gateway IP address.

Interesting, the TIS system just listens on ports and forwards the
requests.  Standard client/server kind of stuff, and it sounds a lot
easier to me than having the networking code muck with rewriting
packets...

> This seems like the ideal solution since it doesn't require that a
> special proxy enabled client be used.

No special proxy clients for me, however Netscape does know about
proxies already, otherwise I would have to put http://firewall/ in front
of all my URLs. Not a real big deal, but a small annoyance on a regular
basis... 8-(


Include quotes, disclaimers, graphics, etc. as desired or needed

 
 
 


Post by Matthias Schele » Sat, 23 Mar 1996 04:00:00


Todd Ferris wrote in comp.unix.bsd.netbsd.misc about "Can NetBSD do IP
masquerading?":

> This seems like the ideal solution ...

Ideal solution? I would call this just another big bad hack in Linux.

--
Matthias Scheler

 
 
 


Post by Brian Some » Tue, 02 Apr 1996 04:00:00


: Todd Ferris wrote in comp.unix.bsd.netbsd.misc about "Can NetBSD do IP
: masquerading?":
: > This seems like the ideal solution ...

: Ideal solution? I would call this just another big bad hack in Linux.

WRONG !

: --
: Matthias Scheler

My setup is similar, I run FreeBSD as a server.  It answers the phone and
pretends to be a fax machine, it supplies filesystems via NFS to an OS/2
box as well as another FreeBSD/DOS box.

I am told that OS/2 has some "auto update" patch facility, but I can't
use this, 'cos my server machine owns my IP number.  In fact, my server
doesn't even have a screen connected to it !

It's pathetic that I have to connect to my server via telnet or the like,
then to the net, and the only solution is proxies ?

The only bad bit about masquerading is that on large subnets, you may
run out of sockets on the gateway machine, but apart from that, I would
suggest that it's less of a "hack" than proxies !

I would be interested if anyone is planning on adding support to NetBSD
or FreeBSD, and if not, I would be willing.  Are the following assumptions
true ?:

In the IP forwarding bit of the kernel, we already check if the received
packet has to be put down another interface...  If so, we add a new bit
of code that says:

    unsigned long myIP, inetIP, lanIP, mySocket, inetSocket, lanSocket;

    Does this inetIP:inetSocket => myIP:mySocket pair have an entry in our
    masquerade table ?  If so, tweak the target IP:Socket to lanIP:lanSocket.

    Otherwise, if this lanIP:lanSocket => inetIP:inetSocket pair is a
    candidate for masquerading according to a config table,
        allocate a local socket (mySocket)
        put an entry in our masquerade table that says that
        inetIP:inetSocket packets sent to myIP:mySocket will be changed to
        go to lanIP:lanSocket

If it's this simple, I'll do it !

--

Don't _EVER_ lose your sense of humour....
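
The table logic outlined in the post above, as an added C sketch that is not part of the original thread or of any NetBSD, FreeBSD or Linux code. The function names, the port base and the four-slot table are assumptions chosen to show both the reverse lookup and the "run out of sockets" case.

```c
#include <stdint.h>

/* Constructed sketch of the masquerade table; all names are hypothetical. */
#define MASQ_PORT_BASE 61000u   /* assumed gateway port range for rewritten flows */
#define MASQ_SLOTS     4u       /* tiny on purpose, to show exhaustion */

struct masq_entry {
    int      used;
    uint32_t lan_ip, inet_ip;       /* inside host, outside peer */
    uint16_t lan_port, inet_port;   /* their ports ("sockets" in the post) */
};

static struct masq_entry masq_table[MASQ_SLOTS];

/* LAN -> Internet: return the gateway port to put in the source field,
 * reusing an existing mapping or allocating one. 0 = table full, drop. */
uint16_t masq_outbound(uint32_t lan_ip, uint16_t lan_port,
                       uint32_t inet_ip, uint16_t inet_port)
{
    unsigned i, free_slot = MASQ_SLOTS;
    for (i = 0; i < MASQ_SLOTS; i++) {
        struct masq_entry *e = &masq_table[i];
        if (!e->used) { if (free_slot == MASQ_SLOTS) free_slot = i; continue; }
        if (e->lan_ip == lan_ip && e->lan_port == lan_port &&
            e->inet_ip == inet_ip && e->inet_port == inet_port)
            return (uint16_t)(MASQ_PORT_BASE + i);
    }
    if (free_slot == MASQ_SLOTS)
        return 0;
    masq_table[free_slot] = (struct masq_entry){1, lan_ip, inet_ip, lan_port, inet_port};
    return (uint16_t)(MASQ_PORT_BASE + free_slot);
}

/* Internet -> gateway: rewrite the target only if the packet matches an entry
 * on gateway port AND outside peer; otherwise return 0 and leave it alone. */
int masq_inbound(uint32_t inet_ip, uint16_t inet_port, uint16_t my_port,
                 uint32_t *lan_ip, uint16_t *lan_port)
{
    if (my_port < MASQ_PORT_BASE || my_port >= MASQ_PORT_BASE + MASQ_SLOTS)
        return 0;
    const struct masq_entry *e = &masq_table[my_port - MASQ_PORT_BASE];
    if (!e->used || e->inet_ip != inet_ip || e->inet_port != inet_port)
        return 0;
    *lan_ip = e->lan_ip;
    *lan_port = e->lan_port;
    return 1;
}
```

Entries in this sketch never expire, so the table fills permanently; a working gateway also needs per-entry timeouts and checksum fix-ups after each rewrite.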

 
 
 


Post by Todd Ferr » Sat, 06 Apr 1996 04:00:00


: It's pathetic that I have to connect to my server via telnet or the like,
: then to the net, and the only solution is proxies ?

: The only bad bit about masquerading is that on large subnets, you may
: run out of sockets on the gateway machine, but apart from that, I would
: suggest that it's less of a "hack" than proxies !

: I would be interested if anyone is planning on adding support to NetBSD
: or FreeBSD, and if not, I would be willing.  Are the following assumptions
: true ?:

I'm sorry I can't answer the more technical aspect of the IP masking.  
But I'm glad to see that there is some other interest in this area.

I have proxies working, but they aren't the best solution.

If you are interested I have found that there is a WWW page dedicated to
this for linux.  They have a few kernel patches, maybe these could be
the start of the netbsd kernel mods!

The page is:
http://www.indyramp.com/masq/

Thanks again for the interest and let us know how things look!

Todd Ferris

 
 
 
